AI description
CVE-2026-42271 is a command injection vulnerability found in LiteLLM, an open-source proxy server designed to expose Large Language Model (LLM) APIs in an OpenAI-compatible format. This flaw affects LiteLLM versions from 1.74.2 up to, but not including, 1.83.7. The vulnerability resides in two Model Context Protocol (MCP) preview endpoints, `POST /mcp-rest/test/connection` and `POST /mcp-rest/test/tools/list`, which incorrectly accepted full server configurations, including fields for `command`, `args`, and `env` used by the `stdio` transport. Exploitation of CVE-2026-42271 allows an authenticated attacker, even with a low-privilege API key, to execute arbitrary commands on the LiteLLM proxy host. This occurs because the vulnerable endpoints would spawn the supplied command as a subprocess with the privileges of the proxy process. The issue has been patched in LiteLLM version 1.83.7, which introduced additional authorization controls requiring the `PROXY_ADMIN` role for these test endpoints. Furthermore, this vulnerability can be chained with CVE-2026-48710, a Starlette "BadHost" host header validation bypass, to achieve unauthenticated remote code execution.
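A triage pass a defender can run over proxy access logs to surface calls to the two preview endpoints that carried a stdio configuration, added here as an example and not LiteLLM's own code; the JSON log format, its field names and the sample lines are all constructed assumptions.

```python
import json

# The two MCP preview endpoints named in the advisory.
MCP_TEST_ENDPOINTS = {"/mcp-rest/test/connection", "/mcp-rest/test/tools/list"}
# Body fields only the stdio transport uses; their presence means the endpoint
# would have spawned the supplied command as a subprocess on the proxy host.
STDIO_FIELDS = {"command", "args", "env"}

# Constructed sample lines in an assumed JSON access-log format (the ts/method/
# path/key_role/body fields are this example's assumption, not LiteLLM's schema).
SAMPLE_LOG = [
    '{"ts": "2026-06-05T10:00:01Z", "method": "POST", "path": "/mcp-rest/test/connection", '
    '"key_role": "proxy_admin", "body": {"transport": "http", "url": "https://mcp.example.internal/"}}',
    '{"ts": "2026-06-05T10:02:17Z", "method": "POST", "path": "/mcp-rest/test/connection", '
    '"key_role": "internal_user", "body": {"transport": "stdio", "command": "node", "args": ["server.js"]}}',
    '{"ts": "2026-06-05T10:02:19Z", "method": "POST", "path": "/mcp-rest/test/tools/list", '
    '"key_role": "internal_user", "body": {"command": "node", "args": ["server.js"], "env": {"X": "1"}}}',
    'not json at all',
]

def is_stdio_config(body):
    """True if the submitted MCP server config targets the stdio transport."""
    return body.get("transport") == "stdio" or bool(STDIO_FIELDS & body.keys())

def triage_log_lines(lines):
    """One finding per POST to a preview endpoint that carries a stdio config.
    Before 1.83.7 any valid key could trigger the spawn, so every hit is kept."""
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # unparsable line: skip rather than abort the triage
        if entry.get("method") != "POST" or entry.get("path") not in MCP_TEST_ENDPOINTS:
            continue
        body = entry.get("body") or {}
        if not is_stdio_config(body):
            continue
        role = entry.get("key_role", "unknown")
        findings.append({
            "ts": entry.get("ts"),
            "path": entry["path"],
            "key_role": role,
            "command": body.get("command"),
            "args": list(body.get("args", [])),
            # after the fix only PROXY_ADMIN may reach these endpoints
            "severity": "review" if role == "proxy_admin" else "high",
        })
    return findings
```

Findings from non-admin keys dated before the upgrade to 1.83.7 are the ones to investigate first, together with any subprocess activity on the proxy host at those timestamps.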
- Description
- LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- litellm
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- BerriAI LiteLLM Command Injection Vulnerability
- Exploit added on
- Jun 8, 2026
- Exploit action due
- Jun 22, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security-advisories@github.com
- CWE-77
- Hype score
- Not currently trending
About the LiteLLM AI Gateway vulnerability CVE-2026-42271. Added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog on 6/9. On its own it is a command injection that requires an API key, but CVE-2026-48710
@__kokumoto
23 Jun 2026
469 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🛡️ CVE-2026-42271: Critical Command Injection in BerriAI LiteLLM Actively Exploited. Technical analysis of CVE-2026-42271, a command injection vulnerability in LiteLLM that allows arbitrary execution by authenticated users. https://t.co/WD4y8TuqGg #ciberpla
@CiberPlanetaOrg
18 Jun 2026
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-42271: LiteLLM 1.74.2-1.83.6 command injection via MCP test endpoints allows arbitrary OS cmd execution with a valid API key. Fixed in 1.83.7. Chains w/ CVE-2026-48710 for unauthenticated RCE. CISA KEV. Patch now and rotate credentials. #litellm #CVE202642271
@GreyZoneSec
12 Jun 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LiteLLM CVE-2026-42271 is exploited in the wild. This AI gateway flaw can allow command execution and may chain with Starlette CVE-2026-48710 to become unauthenticated RCE. https://t.co/wdAnqOmrft #CyberSecurity #LiteLLM #AISecurity #RCE #Vulert
@vulert_official
11 Jun 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New critical LiteLLM flaw is being exploited in the wild. CVE-2026-42271 (CVSS 8.7) — command injection via two MCP preview endpoints. Chained with CVE-2026-48710 (Starlette host header bypass) → unauthenticated RCE (CVSS 10.0). If you run litellm-proxy: read this thre
@456c6f727269
11 Jun 2026
66 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-23111 2 - CVE-2026-23479 3 - CVE-2026-42271 4 - CVE-2025-7771 5 - CVE-2026-6973 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Jun 2026
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/2vyhCPKq1t
@threadlinqs
10 Jun 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
LiteLLM command injection CVE-2026-42271 (CVSS 8.7) is being exploited and CISA has added it to the KEV. Chained with Starlette's CVE-2026-48710 it becomes unauthenticated RCE with a combined CVSS of 10.0. Update to 1.83.7 required / LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated R
@__su888
9 Jun 2026
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA KEV Highlights LiteLLM RCE (CVE-2026-42271) & Check Point VPN Auth Bypass (CVE-2026-50751) https://t.co/4ZdBjTTmLk CISA added two vulnerabilities to its Known Exploited
@f1tym1
9 Jun 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Security Advisory LiteLLM Remote Code Execution CVE-2026-42271 and CVE-2026-48710 Threat Intelligence Alert https://t.co/pKGbT7Ml4F #appsec
@eyalestrin
9 Jun 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐CVE-2026-42271: Critical command injection in LiteLLM AI gateway — actively exploited. Chains with Starlette Host Header bypass (CVE-2026-48710) → unauthenticated RCE (CVSS 10). 🔗 https://t.co/ftjEZPejPl #CyberSecurity #ThreatIntel #CVE202642271 #LiteLLM #AI #RCE #C
@ThreatAft
9 Jun 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271): A command injection vulnerability (CVE-2026-42271) in BerriAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security… https://t.co/RYGutaVt4c ht
@shah_sheikh
9 Jun 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added CVE-2026-42271 to its KEV catalog after active exploitation. The LiteLLM command injection flaw can chain with a Starlette auth bypass to enable unauthenticated RCE. #LiteLLM #CVE-2026-42271 #CVE-2026-48710 https://t.co/85aTljWenn
@TweetThreatNews
9 Jun 2026
138 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
LiteLLM CVE 🚨 LiteLLM flaw CVE-2026-42271 is being exploited in the wild — chains to unauthenticated RCE. Patch NOW. 🔗 https://t.co/m2NCKMUMfj
@TheRabbitPy
9 Jun 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-8088 2 - CVE-2026-4480 3 - CVE-2026-42271 4 - CVE-2026-23111 5 - CVE-2026-3300 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Jun 2026
100 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA added two known exploited vulnerabilities to its catalog CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Jun 8) CVE-2026-42271 BerriAI LiteLLM command injection vulnerability CVE-2026-50751 Check Point Security Gateway authentication
@foxbook
9 Jun 2026
198 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added BerriAI LiteLLM vulnerability CVE-2026-42271 & Check Point Security Gateway vulnerability CVE-2026-50751 to our KEV Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. https://t.co/B3eSaFU0rU
@CISACyber
8 Jun 2026
3835 Impressions
15 Retweets
25 Likes
2 Bookmarks
1 Reply
1 Quote
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D249DFDB-5D0D-4053-A997-0900F77F9A13",
            "versionEndExcluding": "1.83.7",
            "versionStartIncluding": "1.74.2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]