LiteLLM, a popular open-source AI gateway, is facing significant security concerns due to a critical SQL injection vulnerability. This flaw, identified as CVE-2026-42208, allows attackers to extract sensitive cloud and AI provider credentials from LiteLLM's PostgreSQL database without needing prior authentication. LiteLLM serves as a central proxy for major language models such as OpenAI, Anthropic, and AWS Bedrock, managing AI routing and billing. As a result, it stores high-value secrets like master API keys and enterprise cloud credentials. The impact of exploiting this vulnerability is severe, resembling a major cloud account breach rather than a typical web application attack.

The vulnerability originates in the proxy's verification process, where LiteLLM inadequately secures the Authorization Bearer header. Attackers can manipulate this flaw by inserting a single quote into a fake token, allowing them to execute malicious database commands before authentication occurs. The Sysdig Threat Research Team identified the first exploitation attempt shortly after the vulnerability was listed in the GitHub Advisory Database, demonstrating attackers' advanced understanding of LiteLLM's internal structure. These targeted attacks focused on critical tables within the database, aiming to extract virtual API keys and other sensitive credentials.

The LiteLLM team has addressed the issue by releasing version 1.83.7, which secures the database queries. Organizations using affected versions should upgrade immediately to mitigate the risk of compromise. Since the attack does not require login credentials and can be executed on exposed instances, administrators are advised to assume that their servers may already be compromised. Security teams should rotate all virtual API keys and master keys and monitor cloud billing accounts for any unauthorized activity. Additionally, auditing web server logs for unusual requests can help detect potential exploitation attempts. As AI gateways increasingly hold valuable credentials, securing these environments and maintaining strict patch management are crucial to prevent major breaches.