Package impact
PIP / litellm
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42208 | critical | 9.8 | 10.0 | | | | 21d ago | BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the cr… |
| CVE-2026-42271 | high | 8.8 | 8.8 | | | | 21d ago | LiteLLM: Authenticated command execution via MCP stdio test endpoints |
| CVE-2026-42203 | high | 8.8 | 8.8 | | | | 21d ago | LiteLLM: Server-Side Template Injection in /prompts/test endpoint |
| CVE-2026-40217 | high | 8.8 | 8.8 | | | | 2mo ago | LiteLLM has a sandbox escape in custom-code guardrail |
| CVE-2026-35029 | high | 8.8 | 8.8 | | | | 2mo ago | LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint |