BerriAI LiteLLM SQL Injection Vulnerability
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.
Quick answer
BerriAI LiteLLM should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- Review vendor advisory for affected versions.
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
CVE-2026-42208 is a SQL injection issue in LiteLLM Proxy API key verification. Affected versions are 1.81.16 through 1.83.6, with fixes available in 1.83.7 and later and a vendor-recommended upgrade to 1.83.10-stable. Upgrade the proxy, review database query history if it was exposed to untrusted networks, and rotate proxy keys and provider credentials that may have been stored or reachable through the proxy.
- Identify every LiteLLM Proxy deployment, container image, package pin, and helm or compose deployment.
- Upgrade LiteLLM Proxy to 1.83.10-stable where possible, or at minimum to 1.83.7 or later.
- Redeploy containers and restart proxy workers so all running processes use the fixed version.
- Restrict the proxy to trusted clients and remove public internet exposure unless a strong gateway and authentication layer is in place.
- Review Postgres or database query history using the vendor guidance if the proxy was reachable from an untrusted network.
- Rotate LiteLLM API keys, model provider keys, database credentials, and any secrets stored in the proxy database.
- Review logs for crafted Authorization headers, unusual API key checks, unexpected database access, or new users.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm the deployed LiteLLM Proxy version is 1.83.7 or later, preferably 1.83.10-stable.
- Verify all containers and workers were rebuilt or restarted after the dependency update.
- Confirm untrusted clients cannot directly reach the proxy database-backed key verification path.
- Review database and application logs for suspicious query patterns during the exposure window.
- Run a Fixnx scan and external exposure review for public AI gateway endpoints.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-42208?
BerriAI LiteLLM should be checked against the vendor advisory and trusted references linked on this page.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
