Critical LiteLLM RCE (CVE-2026-42271) Actively Exploited, Exposes All API Keys

Summary: CVE-2026-42271, a command-injection flaw in LiteLLM's Model Context Protocol endpoints, is being actively exploited in the wild. Chained with a Starlette host-header bypass (CVE-2026-48710), attackers achieve unauthenticated RCE with a combined CVSS score of 10.0.

Key Facts

  • Vulnerable endpoints: POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list accept arbitrary subprocess configurations with no validation or sandboxing
  • Affected versions: LiteLLM 1.74.2 through 1.83.6 (standalone CVSS 8.7; chained with CVE-2026-48710 reaches CVSS 10.0)
  • Impact: Full server compromise, including all OpenAI, Anthropic, and other AI API keys stored in the proxy
  • CISA KEV: Added June 9, 2026 — federal agencies required to patch by a hard deadline; private sector urged to treat it the same
  • Fix: Upgrade to LiteLLM ≥ 1.83.7 and Starlette ≥ 1.0.1
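
The two things a defender most wants from the facts above are a quick way to tell whether a given deployment sits in the affected range (and whether the Starlette chain applies), and a way to spot requests to the two vulnerable endpoints in existing access logs. The script below is an added example and is not code from the advisory or from the LiteLLM or Starlette projects. It assumes plain `X.Y.Z` version strings and nginx/Apache-style combined access logs; the log lines and version numbers it checks are constructed sample data, not captured traffic.

```python
"""Exposure triage for CVE-2026-42271 / CVE-2026-48710 (added example).

Assumptions (not from the advisory): version strings look like "1.83.6",
and access logs use the common combined format. All sample data below
is constructed for illustration.
"""
import re
from typing import List, Tuple

# Version bounds exactly as stated in the advisory.
AFFECTED_LITELLM_MIN = (1, 74, 2)
AFFECTED_LITELLM_MAX = (1, 83, 6)
FIXED_STARLETTE = (1, 0, 1)

# The two endpoints named in the advisory.
VULNERABLE_ENDPOINTS = {
    "/mcp-rest/test/connection",
    "/mcp-rest/test/tools/list",
}

# Combined-log-format parser (assumed log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '1.83.6' (optionally 'v1.83.6' or '1.83') into a comparable tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups(default="0"))


def litellm_is_vulnerable(version: str) -> bool:
    """True when the LiteLLM version falls inside 1.74.2 .. 1.83.6 inclusive."""
    return AFFECTED_LITELLM_MIN <= parse_version(version) <= AFFECTED_LITELLM_MAX


def starlette_is_patched(version: str) -> bool:
    """True when Starlette is at or above the 1.0.1 fix."""
    return parse_version(version) >= FIXED_STARLETTE


def assess(litellm_version: str, starlette_version: str) -> str:
    """Classify a deployment: not-affected, vulnerable (CVE-2026-42271 alone),
    or critical (the full unauthenticated chain with CVE-2026-48710)."""
    if not litellm_is_vulnerable(litellm_version):
        return "not-affected"
    if starlette_is_patched(starlette_version):
        return "vulnerable"      # standalone CVSS 8.7 per the advisory
    return "critical"            # chained CVSS 10.0 per the advisory


def find_endpoint_hits(log_lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (client_ip, path, status) for every POST to a vulnerable endpoint.
    Query strings are stripped so '/mcp-rest/test/tools/list?x=1' still matches."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not access-log entries
        path = m.group("path").split("?", 1)[0]
        if m.group("method") == "POST" and path in VULNERABLE_ENDPOINTS:
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jun/2026:08:12:44 +0000] "GET /health HTTP/1.1" 200 17',
    '203.0.113.9 - - [10/Jun/2026:08:13:01 +0000] "POST /mcp-rest/test/connection HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jun/2026:08:13:02 +0000] "POST /mcp-rest/test/tools/list?x=1 HTTP/1.1" 200 640',
    '10.0.0.5 - - [10/Jun/2026:08:14:10 +0000] "GET /mcp-rest/test/connection HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    # Constructed inventory: (hostname, litellm version, starlette version).
    inventory = [("proxy-a", "1.80.0", "1.0.0"), ("proxy-b", "1.83.6", "1.0.1"),
                 ("proxy-c", "1.83.7", "1.0.1")]
    for host, lite, star in inventory:
        print(f"{host}: litellm {lite}, starlette {star} -> {assess(lite, star)}")
    for ip, path, status in find_endpoint_hits(SAMPLE_LOG):
        print(f"endpoint hit from {ip}: POST {path} -> {status}")
```

The version check is deliberately inclusive at both ends of the affected range, since 1.74.2 and 1.83.6 are themselves listed as affected. In the log scan, only POST requests count because those are the methods the advisory names; a GET to the same path (the 405 in the sample) is still worth noticing during triage but is not treated as a hit here. A non-2xx status on a hit does not mean the request was harmless, so a practitioner would escalate any hit from an unexpected source regardless of status.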

Why It Matters

LiteLLM acts as a unified gateway to hundreds of AI models and is widely deployed by startups and enterprises to manage multi-provider AI cost and routing. This vulnerability doesn't just break the server — it hands attackers the billing credentials for every AI provider the instance talks to, turning a single unpatched deployment into direct financial exposure. If you're running any version below 1.83.7, patch now.
