CISA has added CVE-2026-42271 to its Known Exploited Vulnerabilities catalog after detecting active exploitation in the wild. The flaw affects BerriAI's LiteLLM, a popular library that manages interactions with large language models.

The vulnerability is a command injection flaw with a CVSS severity score of 8.7. It allows authenticated users to execute arbitrary commands on affected systems. Security researchers have confirmed threat actors are actively weaponizing this vulnerability in real-world attacks.

LiteLLM serves as a proxy and abstraction layer for multiple LLM platforms including OpenAI, Anthropic, and Azure. Organizations use it to standardize API calls across different language model providers. The flaw's presence in this widely deployed library amplifies its attack surface, as compromised instances can provide attackers a foothold to access downstream LLM infrastructure and associated data.

The command injection mechanism allows attackers to break out of intended command boundaries and execute system-level operations. Successful exploitation grants attackers code execution capabilities on the server running LiteLLM. This can lead to lateral movement across networks, data exfiltration, or deployment of persistent backdoors.

The timing of CISA's KEV addition signals federal recognition of the threat's operational severity. Organizations running LiteLLM should prioritize patching immediately. BerriAI has released fixes addressing the vulnerability. Security teams should audit logs for suspicious command patterns, monitor for unusual process execution tied to LiteLLM services, and validate that all instances are running patched versions.

The flaw demonstrates how vulnerabilities in infrastructure components supporting AI deployments can create widespread risk. LiteLLM's role as a middleware layer means a single compromise could impact multiple applications relying on the library. Teams managing AI platforms should include LiteLLM in their