Package impact
PyPI / litellm
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42208 | critical | 9.8 | 10.0 | 21d ago | LiteLLM has SQL Injection in Proxy API key verification | |
| CVE-2026-42271 | high | 8.8 | 8.8 | 21d ago | LiteLLM: Authenticated command execution via MCP stdio test endpoints | |
| CVE-2026-42203 | high | 8.8 | 8.8 | 21d ago | LiteLLM: Server-Side Template Injection in /prompts/test endpoint | |
| CVE-2026-40217 | high | 8.8 | 8.8 | 2mo ago | LiteLLM has a sandbox escape in custom-code guardrail | |
| CVE-2026-35029 | high | 8.8 | 8.8 | 2mo ago | LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint | |