Critical LiteLLM RCE (CVE-2026-42271) Actively Exploited, Exposes All API Keys
Summary: CVE-2026-42271, a command-injection flaw in LiteLLM's Model Context Protocol endpoints, is being actively exploited in the wild. Chained with a Starlette host-header bypass (CVE-2026-48710), attackers achieve unauthenticated RCE with a combined CVSS score of 10.0.
Key Facts
- Vulnerable endpoints: POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list accept arbitrary subprocess configurations with no validation or sandboxing
- Affected versions: LiteLLM 1.74.2 through 1.83.6 (standalone CVSS 8.7; chained with CVE-2026-48710 reaches CVSS 10.0)
- Impact: Full server compromise, including all OpenAI, Anthropic, and other AI API keys stored in the proxy
- CISA KEV: Added June 9, 2026 — federal agencies required to patch by a hard deadline; private sector urged to treat it the same
- Fix: Upgrade to LiteLLM ≥ 1.83.7 and Starlette ≥ 1.0.1
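Two checks a defender can run from the facts above: classify a deployment by its LiteLLM and Starlette versions against the affected ranges, and hunt an access log for POSTs to the two MCP test endpoints. This is an added example, not code from LiteLLM or from the advisories; the log lines are constructed, and the combined-log format and the exposure labels are assumptions.

```python
import re

# Version ranges stated in the advisory (CVE-2026-42271 / CVE-2026-48710).
LITELLM_VULN_MIN = (1, 74, 2)   # first affected LiteLLM release
LITELLM_VULN_MAX = (1, 83, 6)   # last affected; 1.83.7 is fixed
STARLETTE_FIXED = (1, 0, 1)     # host-header bypass fixed in Starlette 1.0.1

# Endpoints the advisory names as accepting unvalidated subprocess configs.
VULN_ENDPOINTS = {"/mcp-rest/test/connection", "/mcp-rest/test/tools/list"}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")
# Assumed combined log format: ip ident user [time] "METHOD PATH PROTO" status ...
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_version(text):
    """Return (major, minor, patch) from strings like '1.83.6' or 'v1.83.7rc1'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def exposure(litellm_version, starlette_version):
    """'chained' = both bugs present (unauthenticated RCE chain applies),
    'litellm' / 'starlette' = only one present, 'patched' = neither."""
    li = LITELLM_VULN_MIN <= parse_version(litellm_version) <= LITELLM_VULN_MAX
    st = parse_version(starlette_version) < STARLETTE_FIXED
    if li and st:
        return "chained"
    return "litellm" if li else "starlette" if st else "patched"


def find_mcp_test_requests(log_lines):
    """Return (client_ip, path, status) for every POST to a vulnerable endpoint."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]          # drop any query string
        if method == "POST" and path in VULN_ENDPOINTS:
            hits.append((ip, path, int(status)))
    return hits


# Constructed access-log sample (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Jun/2026:14:02:11 +0000] "POST /mcp-rest/test/connection HTTP/1.1" 200 512 "-" "python-requests/2.32"',
    '10.0.0.5 - - [09/Jun/2026:14:02:12 +0000] "POST /mcp-rest/test/tools/list?x=1 HTTP/1.1" 500 88 "-" "python-requests/2.32"',
    '10.0.0.9 - - [09/Jun/2026:14:03:40 +0000] "GET /mcp-rest/test/connection HTTP/1.1" 405 0 "-" "curl/8.5"',
    '10.0.0.7 - - [09/Jun/2026:14:05:01 +0000] "POST /chat/completions HTTP/1.1" 200 2048 "-" "openai-python/1.50"',
]
```

Any hit returned by `find_mcp_test_requests` on a deployment that `exposure` does not report as `patched` should be treated as a possible compromise, which on this bug means rotating every provider API key the proxy holds, not just patching.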
Why It Matters
LiteLLM acts as a unified gateway to hundreds of AI models and is widely deployed by startups and enterprises to manage multi-provider AI cost and routing. This vulnerability doesn't just break the server — it hands attackers the billing credentials for every AI provider the instance talks to, turning a single unpatched deployment into direct financial exposure. If you're running any version below 1.83.7, patch now.
Read More
- LiteLLM Flaw CVE-2026-42271 Exploited in the Wild — The Hacker News
- CVE-2026-42271 Chained with CVE-2026-48710 — Horizon3.ai