LiteLLM Contains Critical SQL Injection Vulnerability

According to GBHackers, a critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, exists in the LiteLLM gateway. GBHackers reports the flaw stems from improper parameterization of the Authorization: Bearer header during authentication checks, allowing an unauthenticated attacker with network access to the LiteLLM proxy port to execute arbitrary SQL against the backend database. The advisory was initially published to the LiteLLM repository on April 20, 2026, and GBHackers reports that attackers began exploiting the flaw within 36 hours of indexing, using targeted payloads, column-count enumeration, and IP rotation to extract API keys, upstream provider credentials, and configuration data.
What happened
According to GBHackers, a critical pre-authentication SQL injection vulnerability, CVE-2026-42208, has been disclosed in the open-source LiteLLM proxy. GBHackers reports the security advisory was published to the LiteLLM repository on April 20, 2026, and that the flaw allows unauthenticated requests reaching the proxy port to execute arbitrary SQL queries against the underlying database. GBHackers also reports that exploitation attempts were observed starting roughly 36 hours after the issue was indexed in global databases.
Technical details
Per GBHackers, the vulnerability is caused by a failure to properly parameterize the Authorization: Bearer header during authentication checks, so the header value is interpolated into the SQL text rather than bound as a query parameter. GBHackers describes attackers using column-count enumeration to shape their payloads and exfiltrate rows, and rotating source IP addresses to evade detection. The reporting lists targeted tables such as LiteLLM_VerificationToken, litellm_credentials, and litellm_config, and says extracted data included virtual API keys, upstream provider credentials, and runtime configuration entries.
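The following is an added illustration, not LiteLLM's code and not the actual vulnerable query: it shows the shape of the defect the reporting describes (a bearer value spliced into SQL text) beside the parameterized form, and how column-count enumeration works against the vulnerable form. It runs against an in-memory SQLite table; the table name mirrors the one named in the reporting, but the column names, the two seeded keys and the payloads are constructed for the example.

```python
import sqlite3
from typing import List, Optional, Tuple

Row = Tuple[str, str]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the proxy's key table, seeded with two constructed virtual keys."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE LiteLLM_VerificationToken (token TEXT PRIMARY KEY, user_id TEXT)")
    conn.executemany(
        "INSERT INTO LiteLLM_VerificationToken VALUES (?, ?)",
        [("sk-aaaa1111", "alice"), ("sk-bbbb2222", "bob")],
    )
    return conn


def extract_bearer(authorization_header: str) -> Optional[str]:
    """Return the token part of 'Bearer <token>', or None if the header is malformed."""
    scheme, _, value = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    return value.strip()


def lookup_vulnerable(conn: sqlite3.Connection, bearer: str) -> List[Row]:
    # The defect class the reporting describes: the header value becomes SQL text.
    sql = f"SELECT token, user_id FROM LiteLLM_VerificationToken WHERE token = '{bearer}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, bearer: str) -> List[Row]:
    # The fix: the value travels as a bound parameter and is never parsed as SQL.
    sql = "SELECT token, user_id FROM LiteLLM_VerificationToken WHERE token = ?"
    return conn.execute(sql, (bearer,)).fetchall()


def probe_column_count(conn: sqlite3.Connection, max_cols: int = 8) -> int:
    """Column-count enumeration: raise ORDER BY n until the database rejects it.

    The largest n that does not error is the number of columns in the injected
    SELECT, which is what an attacker needs to craft a matching UNION payload.
    """
    count = 0
    for n in range(1, max_cols + 1):
        try:
            lookup_vulnerable(conn, f"x' ORDER BY {n}-- ")
            count = n
        except sqlite3.OperationalError:
            break
    return count


def demo() -> Tuple[List[Row], List[Row]]:
    """Run one constructed UNION payload through both lookups and return (vulnerable, safe) results."""
    conn = make_db()
    # Constructed attacker header: a two-column UNION that dumps every key row.
    payload = "x' UNION SELECT token, user_id FROM LiteLLM_VerificationToken -- "
    hostile = extract_bearer("Bearer " + payload)
    assert hostile is not None
    return lookup_vulnerable(conn, hostile), lookup_parameterized(conn, hostile)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable lookup returned:", leaked)
    print("parameterized lookup returned:", safe)
    print("enumerated column count:", probe_column_count(make_db()))
```

The vulnerable lookup returns every row in the table for a header that should match nothing, while the parameterized lookup returns an empty result for the same input. The ORDER BY probe stops at 2 here because the constructed query selects two columns; against a real backend the same loop tells the attacker how many NULL placeholders a UNION needs.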
Observed exploitation
According to GBHackers, malicious operators developed custom payloads soon after disclosure rather than relying on generic scanners. GBHackers reports those operators have used the flaw to obtain cloud-grade credentials and API keys tied to high-cost AI services.
Editorial analysis
Industry context
Gateways and proxies that centralize credentials and API keys present high-value targets; credential theft from such components can enable lateral access to cloud provider accounts and high-cost AI services. Observed weaponization within roughly 36 hours of indexing fits a broader pattern where exposed orchestration and gateway layers are prioritized by attackers.
For practitioners: Rapid detection and containment are critical because a pre-authentication SQL injection removes the authentication barrier entirely; anyone who can reach the proxy port can exploit it, so network reachability is the only remaining control. Companies and operators running lightweight AI proxies or gateway layers should rotate virtual keys and upstream provider credentials, restrict the proxy and management ports to trusted networks, and confirm that queries on the authentication path bind their inputs as parameters rather than building SQL from header values.
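As an added detection example (not from the GBHackers report or the LiteLLM project), the script below scans access-log lines for Authorization headers that look like SQL rather than like a virtual key, and summarizes hits per source address so the IP-rotation pattern the reporting describes stands out. The JSON log format, field names, signature list and sample lines are all constructed for this example; adapt the parser to whatever your proxy or reverse proxy actually emits.

```python
import json
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample access-log lines (assumption: one JSON object per line with
# these field names; this is not LiteLLM's real log format).  Two legitimate
# requests from one client, then three injection probes spread over three
# source addresses, mirroring the rotation pattern in the reporting.
SAMPLE_LOG = """\
{"ts": "2026-04-21T10:00:01Z", "src_ip": "10.0.0.5", "path": "/v1/chat/completions", "authorization": "Bearer sk-aaaa1111"}
{"ts": "2026-04-21T10:00:02Z", "src_ip": "10.0.0.5", "path": "/v1/chat/completions", "authorization": "Bearer sk-aaaa1111"}
{"ts": "2026-04-21T10:00:03Z", "src_ip": "203.0.113.10", "path": "/v1/models", "authorization": "Bearer x' ORDER BY 3-- "}
{"ts": "2026-04-21T10:00:04Z", "src_ip": "203.0.113.11", "path": "/v1/models", "authorization": "Bearer x' UNION SELECT NULL,NULL-- "}
{"ts": "2026-04-21T10:00:05Z", "src_ip": "203.0.113.12", "path": "/v1/models", "authorization": "Bearer x' OR '1'='1"}
{"ts": "2026-04-21T10:00:06Z", "src_ip": "10.0.0.6", "path": "/health"}
"""

# Named signatures so each alert says why it fired.  The charset rule is the
# broadest and cheapest: a well-formed key never contains a quote, space or comma.
SIGNATURES = {
    "non_token_charset": re.compile(r"[^A-Za-z0-9_\-.]"),
    "union_select": re.compile(r"union\s+(all\s+)?select", re.I),
    "order_by_n": re.compile(r"order\s+by\s+\d+", re.I),
    "boolean_tautology": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
    "comment_terminator": re.compile(r"--|/\*"),
}


def extract_bearer(header: Optional[str]) -> Optional[str]:
    """Return the token part of 'Bearer <token>', or None if absent or malformed."""
    if not header:
        return None
    scheme, _, value = header.partition(" ")
    return value if scheme.lower() == "bearer" and value else None


def suspicious_bearer(token: str) -> List[str]:
    """Names of every signature the token value matches; an empty list means it looks clean."""
    return [name for name, rx in SIGNATURES.items() if rx.search(token)]


def scan(log_text: str) -> List[Dict]:
    """Parse JSON lines and return one alert per request whose bearer value looks like SQL."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = json.loads(raw)
        token = extract_bearer(rec.get("authorization"))
        if token is None:
            continue
        hits = suspicious_bearer(token)
        if hits:
            alerts.append({"ts": rec["ts"], "src_ip": rec["src_ip"],
                           "path": rec["path"], "signatures": hits})
    return alerts


def rotation_summary(alerts: List[Dict]) -> Dict:
    """Per-source view: many addresses with one or two probes each is the rotation pattern."""
    per_ip = Counter(a["src_ip"] for a in alerts)
    busiest = max(per_ip.values(), default=0)
    return {
        "alerts": len(alerts),
        "distinct_sources": len(per_ip),
        "max_per_source": busiest,
        # Threshold is an assumption for the example; tune it to your traffic.
        "likely_rotation": len(per_ip) >= 3 and busiest <= 2,
    }


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print(rotation_summary(found))
```

Per-IP rate limiting alone will not catch the rotated probes, which is why the summary counts distinct sources rather than requests per source; alerting on the charset rule at the edge (before the request reaches the proxy) is the cheapest containment while keys are being rotated.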
What to watch
- Whether LiteLLM maintainers publish a patch or mitigation guidance and the timeline for that disclosure.
- Reports of further exploitation targeting upstream providers named in extracted credentials.
- Evidence of lateral movement or misuse of stolen API keys leading to unexpected cloud charges or data exfiltration.
Note: GBHackers is the sole published source for the above details in the reporting cited here. LiteLLM has not been quoted in the GBHackers article, and no direct statement from LiteLLM is included in that report.
Scoring Rationale
A critical, pre-auth SQL injection in a widely used AI gateway that is being actively exploited raises immediate operational and security risks for practitioners, especially because stolen API/provider credentials enable costly lateral access. The story is notable but not a sector-defining event.