The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog on Monday, citing evidence of active exploitation. Tracked as CVE-2026-42271 and rated CVSS 8.7 (High), it is a command injection flaw that lets any authenticated user execute arbitrary commands on the server hosting LiteLLM.

On its own, then, the bug requires a valid account or API key for the LiteLLM instance. The headline claim of unauthenticated remote code execution (RCE) comes from the reporting that the flaw chains to that outcome; this summary does not describe the chain, so refer to the original reporting for the full attack path.

LiteLLM is an open-source project that exposes many large language model (LLM) providers through a single, unified API. A deployment typically holds the upstream provider credentials it uses and sits in the path of application traffic, so compromising the host exposes those keys and any data routed through it, and lets an attacker disrupt the services that depend on it.

Inclusion in the KEV catalog means CISA has confirmed exploitation in real-world attacks. Under Binding Operational Directive 22-01, federal civilian agencies must remediate KEV entries by the listed due date, which for this entry is November 18, 2026. Organizations outside the federal government should treat that date as an upper bound and patch well ahead of it.
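As an added illustration of the flaw class the advisory names, not LiteLLM's code: the page gives no detail of the actual injection point, so the snippet below is a generic Python command-injection pattern. The program `echo` stands in for whatever the server invokes, the hypothetical `model_name` parameter is the attacker-controlled input, and the payload is constructed. It contrasts building a shell string (the bug) with allowlist validation plus an argv list (the fix).

```python
"""Illustration of command injection via a shell-built command string.

Hypothetical code, not LiteLLM's. 'echo' stands in for the program a
server-side feature might invoke; model_name is the attacker-controlled input.
"""
import re
import subprocess

# Constructed sample inputs: a benign model name and an injection payload.
BENIGN_MODEL = "gpt-4o"
INJECTION_PAYLOAD = "gpt-4o; echo INJECTED"

# Hypothetical allowlist for model identifiers: letters, digits and a few
# separators. Shell metacharacters such as ';', '|', '$' and '`' are excluded.
_MODEL_NAME_RE = re.compile(r"^[A-Za-z0-9._:/-]{1,128}$")


def run_vulnerable(model_name: str) -> str:
    """Builds a shell command string from untrusted input (the bug pattern).

    With shell=True a shell parses the whole string, so ';' terminates the
    intended command and starts a second, attacker-chosen one.
    """
    cmd = f"echo {model_name}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return result.stdout


def validate_model_name(model_name: str) -> str:
    """Rejects anything outside the allowlist before it reaches a subprocess."""
    if not _MODEL_NAME_RE.fullmatch(model_name):
        raise ValueError(f"invalid model name: {model_name!r}")
    return model_name


def run_hardened(model_name: str) -> str:
    """Validates the input, then passes it as a single argv element.

    Without a shell there is no command parser to inject into: the value is
    delivered to the program verbatim as one argument.
    """
    safe = validate_model_name(model_name)
    result = subprocess.run(["echo", safe], capture_output=True, text=True, check=False)
    return result.stdout


def injected_command_ran(output: str) -> bool:
    """True if the attacker's second command produced its marker line."""
    return "INJECTED" in output.splitlines()


def hardened_rejects(model_name: str) -> bool:
    """True if the hardened path refuses the input instead of running it."""
    try:
        run_hardened(model_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    vuln_out = run_vulnerable(INJECTION_PAYLOAD)
    print("vulnerable output:", repr(vuln_out), "injected ran:", injected_command_ran(vuln_out))
    print("hardened (benign):", repr(run_hardened(BENIGN_MODEL)))
    print("hardened (payload) rejected:", hardened_rejects(INJECTION_PAYLOAD))
```

The allowlist is the primary control; the argv list is defence in depth so that even a value that slips past validation reaches the program as data rather than as shell syntax. Neither replaces patching: the advisory above is about a specific fixed bug, and this example only shows why the class is dangerous.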

Original source: The Hacker News.
