A significant SQL injection vulnerability in the LiteLLM platform, an open-source AI gateway with over 22,000 stars on GitHub, is currently being exploited by attackers. This critical flaw, identified as CVE-2026-42208, jeopardizes the security of sensitive credentials stored within the platform’s PostgreSQL database.
Understanding the Vulnerability
LiteLLM serves as a central proxy for prominent language models such as OpenAI, Anthropic, and AWS Bedrock. As it facilitates AI routing and billing functions, LiteLLM holds crucial secrets, including master API keys and enterprise cloud credentials. The vulnerability arises from inadequate protection of the Authorization Bearer header, enabling attackers to execute unauthorized database commands.
Attackers can exploit this flaw by inserting a single quote into a token, sk-litellm’. This allows them to bypass authentication and run malicious queries, making any HTTP client capable of reaching the proxy port potentially dangerous.
Rapid Exploitation and Data Theft
The Sysdig Threat Research Team identified the first exploitation attempt just over 36 hours after the vulnerability was recorded in the GitHub Advisory Database on April 24, 2026. Skilled attackers targeted specific database tables, such as LiteLLM_VerificationToken, litellm_credentials, and litellm_config, which contain critical data like API keys and provider credentials. This attack, originating from two specific IP addresses, demonstrates a coordinated effort to extract valuable information.
Preventive Measures and Security Recommendations
In response, the developers of LiteLLM have released version 1.83.7, addressing the security flaw by enhancing database query protection. Organizations using versions from 1.81.16 to 1.83.6 are urged to apply this patch immediately. Due to the nature of the attack, which requires no authentication, administrators should presume that internet-exposed servers might already be compromised.
Security teams must rotate all virtual API keys, master keys, and provider credentials promptly. Monitoring cloud billing accounts for unusual activity is vital to detect unauthorized API usage. Additionally, auditing web server logs for suspicious SQL keyword usage or the sk-litellm’ payload is recommended.
As AI gateways become repositories for highly sensitive credentials, securing these environments is crucial. Deploying them behind internal networks and maintaining rigorous patch management can mitigate the risk of corporate credential theft.
Stay updated on cybersecurity news by following us on Google News, LinkedIn, and X. Contact us to share your cybersecurity stories.
