Find notable cyber news and cases, enriched with sources, timelines, and signals.

LiteLLM security patch release for CVE-2026-42208

Security Patch Release
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

LiteLLM version 1.83.7 ships a fix for CVE-2026-42208, closing a critical SQL injection path in the proxy API key verification flow. The release replaces string concatenation with parameterized queries, reducing the risk of database exposure and unauthorized access to stored secrets.

Related Happenings

LiteLLM endpoint-hardening patch release (CVE-2026-42271)

Security Patch Release
H score59 First: 09.06.2026 09:26 Last: 09.06.2026 09:26 Sources 1

About this happening: BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
H score32 First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

Microsoft April 2026 Patch Tuesday security update (165 CVEs)

Security Patch Release
H score62 First: 15.04.2026 00:22 Last: 15.04.2026 00:22 Sources 1

About this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...

Microsoft April 2026 Patch Tuesday security updates (167 flaws)

Security Patch Release
H score55 First: 14.04.2026 20:41 Last: 14.04.2026 20:41 Sources 1

About this happening: Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...

Timeline

  1. 29.04.2026 00:07 2 articles · 2mo ago

    Active CVE-2026-42208 exploitation disclosed for LiteLLM

    Initial Disclosure

    Researchers reported active, targeted exploitation of CVE-2026-42208 against LiteLLM deployments, where a specially crafted Authorization header to /chat/completions and other LLM API routes could reach an SQL injection flaw in the proxy API key verification step, allowing database read and modification and exposing API keys, virtual and master keys, provider credentials, and environment/config secrets. LiteLLM version 1.83.7 replaced string concatenation with parameterized queries, and operators unable to upgrade were advised to set disable_error_logs: true under general_settings to block the vulnerable query path.

    Show sources