LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

A critical command injection vulnerability (CVE-2026-42271) in LiteLLM AI gateway versions 1.74.2 through 1.83.7 is being actively exploited in the wild. Researchers have chained this with a Starlette flaw to achieve unauthenticated RCE, bypassing authentication entirely. Compromised systems face immediate risk of credential theft and lateral movement.

Severity: Critical | Advisory | Jun 10, 2026
Action required
Immediately identify and patch all LiteLLM instances to version 1.83.7 or later. Hunt for exploitation indicators: check access logs for suspicious requests to LiteLLM endpoints, scan for process execution anomalies on affected hosts, and review credential access logs for unauthorized activity.
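The first action item is identifying every LiteLLM instance that falls inside the version range the advisory names. The following triage helper is an added example (not code from the advisory, LiteLLM or Horizon3.ai); it takes a constructed host/version inventory, treats the range 1.74.2 through 1.83.7 as affected exactly as written above, ignores pre-release or local suffixes so that a release candidate of an affected version is still flagged, and fails closed on versions it cannot parse.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Affected range as stated in the advisory, inclusive at both ends.
AFFECTED_MIN = (1, 74, 2)
AFFECTED_MAX = (1, 83, 7)

# Accepts "1.83.7", "v1.83.7", "1.83.7rc1", "1.83.7+local"; suffix is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None when the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)

def is_affected(version: str) -> bool:
    """True if the version lies in the advisory's range. Unparseable
    versions are reported as affected so they are triaged, not ignored."""
    v = parse_version(version)
    if v is None:
        return True
    return AFFECTED_MIN <= v <= AFFECTED_MAX

def triage(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Map (host, version) pairs to (host, version, status) for a patch queue."""
    result = []
    for host, version in inventory:
        if parse_version(version) is None:
            status = "unknown-version"
        elif is_affected(version):
            status = "affected"
        else:
            status = "not-in-range"
        result.append((host, version, status))
    return result

# Constructed sample inventory; hostnames are hypothetical, not from the advisory.
SAMPLE_INVENTORY = [
    ("llm-gw-01", "1.74.1"),
    ("llm-gw-02", "1.74.2"),
    ("llm-gw-03", "1.80.0rc1"),
    ("llm-gw-04", "1.83.7"),
    ("llm-gw-05", "1.83.8"),
    ("llm-gw-06", "unknown"),
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:12} {status}")
```

Feed it the output of your asset inventory or a `pip show litellm` sweep; anything reported as affected or unknown-version goes to the patch and log-review queue.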
Affected products
LiteLLM, BerriAI, Starlette, Horizon3.ai, Python SDK