Active Exploitation of LiteLLM Vulnerability (CVE-2026-42271) Confirmed
Severity: Critical (Score: 86.2)
Sources: Cybersecuritynews, Feeds2.Feedburner
Keywords: litellm, vulnerability, cisa, cve-2026-42271, exploiting, open-source, gateway
Severity indicators: vulnerability, rce, CVE:CVE-2026-42271
Summary
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is currently under active exploitation, as confirmed by CISA. This vulnerability allows unauthenticated remote code execution (RCE) on affected systems. Researchers at Horizon3.ai identified that the exploitation involves a critical attack path with a CVSS score of 10.0, requiring no credentials. The vulnerability was published on May 8, 2026, and a proof of concept was made public on May 20, 2026. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on June 8, 2026, indicating the urgency of the situation. Developers and enterprises using LiteLLM are at risk, as attackers can execute arbitrary commands remotely. Immediate action is recommended to mitigate potential impacts.

Key Points:
- CVE-2026-42271 allows unauthenticated remote code execution in LiteLLM.
- CISA added the vulnerability to its KEV catalog on June 8, 2026, due to active exploitation.
- The vulnerability has a CVSS score of 10.0, indicating critical severity.
Detailed Analysis
**Impact**

Developers and enterprises using BerryAI’s LiteLLM open-source AI gateway are affected, as it is widely adopted to unify calls to multiple large language model APIs. The vulnerability enables unauthenticated remote code execution, potentially compromising any vulnerable deployment globally. The scope includes organizations relying on LiteLLM to avoid vendor lock-in and centrally manage AI API access, risking operational disruption and data exposure. Specific sectors or geographic regions were not detailed in the sources.

**Technical Details**

The attack exploits a critical command injection vulnerability (CVE-2026-42271) in LiteLLM, chained with another CVE to achieve a CVSS 10.0 critical remote code execution (RCE) without authentication. The vulnerability allows threat actors to run arbitrary commands on exposed systems via the AI gateway proxy. The kill chain stage is initial access and execution. No specific malware, tools, or IOCs were provided in the articles.

**Recommended Response**

Apply the latest patches addressing CVE-2026-42271 and the associated chained vulnerability immediately. Deploy detections for unusual command execution and monitor network traffic for exploitation attempts targeting LiteLLM endpoints. Harden configurations by restricting external access to LiteLLM services and implementing strict input validation. If patching is not yet possible, increase monitoring for signs of compromise and block known exploit indicators when available.
Source articles (2)
- Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands — Cybersecuritynews · 2026-06-09
  Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployment…
- LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) — Feeds2.Feedburner · 2026-06-09
  A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed…
Timeline
- 2026-05-08 — CVE-2026-42271 published: BerryAI disclosed a command injection vulnerability in LiteLLM affecting various deployments.
- 2026-05-20 — First public PoC released: A proof of concept demonstrating the command injection vulnerability was made public.
- 2026-06-08 — CISA adds CVE-2026-42271 to KEV catalog: CISA confirmed active exploitation of the vulnerability and added it to its Known Exploited Vulnerabilities list.
- Recent — Active exploitation confirmed: Threat actors are actively exploiting the LiteLLM vulnerability to execute arbitrary commands remotely.
Related entities
- Zero-day Exploit (Attack Type)
- CWE-78 - OS Command Injection (Cwe)
- horizon3.ai (Domain)
- T1059 - Command and Scripting Interpreter (Mitre Attack)
- LiteLLM (Tool)
- LiteLLM Vulnerability (Vulnerability)