# CVE-2026-42208

> LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access
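As an added illustration (not LiteLLM's own code), the defect class the advisory describes beside its parameterized fix: the key value taken from the Authorization header is first spliced into the SQL text, then passed as a bound parameter. The key-store table, its columns and the sample key values are constructed for the demo.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    # Constructed in-memory key store standing in for the proxy's database (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, team TEXT)")
    conn.execute("INSERT INTO api_keys VALUES ('sk-team-a-key', 'team-a')")
    conn.commit()
    return conn

def bearer_token(authorization_header: str) -> str:
    # Extract the caller-supplied key from "Authorization: Bearer <key>".
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise ValueError("malformed Authorization header")
    return token.strip()

def lookup_key_vulnerable(conn: sqlite3.Connection, token: str):
    # The defect: the caller-controlled value becomes part of the SQL statement itself,
    # so any quote or SQL token in the key value changes the query's meaning.
    row = conn.execute(f"SELECT team FROM api_keys WHERE token = '{token}'").fetchone()
    return row[0] if row else None

def lookup_key_fixed(conn: sqlite3.Connection, token: str):
    # The fix: the value is sent as a bound parameter; the driver never parses it as SQL.
    row = conn.execute("SELECT team FROM api_keys WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None

def demo() -> dict:
    conn = make_db()
    results = {}
    results["fixed_valid"] = lookup_key_fixed(conn, bearer_token("Bearer sk-team-a-key"))
    # A key value containing a quote character: plain (non-matching) data to the fixed
    # query, but SQL syntax to the vulnerable one, which is why the query breaks.
    odd = bearer_token("Bearer sk-' broken")
    results["fixed_odd"] = lookup_key_fixed(conn, odd)
    try:
        lookup_key_vulnerable(conn, odd)
        results["vulnerable_odd"] = "no error"
    except sqlite3.OperationalError:
        results["vulnerable_odd"] = "sql syntax error"
    return results

if __name__ == "__main__":
    print(demo())
```

The same contrast applies to any ORM or raw-query layer: a bound parameter is the only reliable way to keep untrusted header values out of the statement text, and a syntax error on a quoted key is the first signal that a query is being built by string formatting.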

- **CVSS:** 9.3
- **EPSS:** 54.3%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** CWE-89

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-42208
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp
