Bishop Fox ·EN-US Vendor research
CVE-2026-42208: Pre-Authentication SQL Injection in LiteLLM Proxy
Summary
Bishop Fox researchers reproduced a critical pre-authentication SQL injection vulnerability affecting BerriAI's LiteLLM proxy in versions 1.81.16 through 1.83.6. LiteLLM is an open-source AI gateway that exposes OpenAI-compatible endpoints in front of more than 100 model providers and is increasingly common as the front door to internal LLM gateways at organizations that want unified cost tracking, key management, and rate limiting across vendors. The flaw lives inside an internal helper that resolves bearer tokens to virtual-key records, where a single missing parameter binding allows an unauthenticated attacker to inject arbitrary SQL into the proxy's PostgreSQL backend.…