CVE-2026-42203
high
CVSS v3
8.8
CVSS v2
—
VIR risk
8.8
Description
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
Predictions
Exploit likelihood
100%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security-advisories@github.com — https://github.com/BerriAI/litellm/security/advisories/GHSA-xqmj-j6mv-4862
Vendor advisory: security-advisories@github.com — https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| litellm | litellm | {"startIncluding":"1.80.5","endExcluding":"1.83.7"} | 1.83.7 |
References
CWEs
CWE-1336
Verify integrity in audit chain (admin only). AS-IS.