> TritonInfoSec News
Home / Apr 30, 2026 / Story
0
#6 BleepingComputer general April 28, 2026 at 21:07 UTC

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

By Bill Toulas

AI Summary

CVE-2026-42208, a critical SQL injection vulnerability in BerriAI's LiteLLM large language model gateway, is being actively exploited within 36 hours of public disclosure. The CVSS 9.3 flaw allows attackers to read and modify database content in LiteLLM proxy deployments used for managing AI model access.

Read full article → https://www.bleepingcomputer.com/news/security/hac…

Relevance score: 82.0/100

# More from April 30

  1. 1
    Claude Mythos Has Found 271 Zero-Days in Firefox Schneier on Security
  2. 2
    Official SAP npm packages compromised to steal credentials BleepingComputer
  3. 3
    GitHub fixes RCE flaw that gave access to millions of private repos BleepingComputer
  4. 4
    cPanel, WHM emergency update fixes critical auth bypass bug BleepingComputer
  5. 5
    CISA orders feds to patch Windows flaw exploited as zero-day BleepingComputer
  6. 7
    Popular WordPress redirect plugin hid dormant backdoor for years BleepingComputer
  7. 8
    Broken VECT 2.0 ransomware acts as a data wiper for large files BleepingComputer
  8. 9
    Hackers arrested for hijacking and selling 610,000 Roblox accounts BleepingComputer
  9. 10
    AI Finds 38 Security Flaws in Electronic Health Record Platform Dark Reading