Top stories
LiteLLM CVE-2026-42271 exploited in the wild, chains to unauthenticated RCE
- Category: Security
- Status: confirmed
- Sources: Help Net Security, Horizon3.ai, CISA KEV
- Summary: CVE-2026-42271 is a command injection flaw (CVSS 8.7) in LiteLLM MCP server preview endpoints, affecting versions 1.74.2 through 1.83.6. The endpoints
POST /mcp-rest/test/connectionandPOST /mcp-rest/test/tools/listaccept a full server config includingcommand,args, andenvfields and spawn them as subprocesses without validation. Horizon3.ai chained this with CVE-2026-48710, a host header bypass in Starlette (BadHost), to achieve unauthenticated RCE with a combined CVSS of 10.0. CISA added the flaw to KEV on 2026-06-08. - Why it matters: Exploiting a LiteLLM proxy exposes all model provider API keys, integrated AI infrastructure, and downstream connected systems. Patch to LiteLLM 1.83.7 and Starlette 1.0.1; block the two affected endpoints at the reverse proxy if immediate patching is not possible.