CVE-2026-42271 – LiteLLM

CVSS 8.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“An AI gateway becomes a system gateway when users can execute commands on the host.”

BerriAI patched CVE-2026-42271 in LiteLLM. Versions 1.74.2 through 1.83.6 allowed authenticated users to abuse MCP server testing endpoints to execute arbitrary commands on the host running the LiteLLM proxy. The vulnerable endpoints accepted full server configurations and could spawn attacker-supplied commands as subprocesses with the privileges of the proxy process. The CVSS score is 8.7, which is High severity.

The issue stems from insufficient authorization controls on MCP preview functionality. Any authenticated user with a valid proxy API key, including low-privilege internal users, could execute commands on the underlying system. This vulnerability enables remote code execution and has been patched in version 1.83.7. Active exploitation has been reported.

Key Details

Affected Product
Litellm Litellm
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-77
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.