CVE-2026-42271: BerriAI LiteLLM — Unauthenticated RCE Chain Exposed (June 2026)

By breachwire Team, Jun 10, 2026 (2 min read)

CVE-2026-42271 — BerriAI LiteLLM

CVE-2026-42271 is a critical command injection vulnerability in BerriAI's LiteLLM, an AI gateway (proxy server) and Python SDK that fronts many LLM providers behind one API. It is rated CVSS 10.0 and is reported as under active exploitation. Attackers chain it with CVE-2026-48710, an authentication bypass in Starlette (the ASGI framework beneath the FastAPI app that serves the LiteLLM proxy), to achieve unauthenticated remote code execution (RCE) on LiteLLM hosts.

Attack Vector

Attackers first exploit CVE-2026-48710 in Starlette to bypass the proxy's authentication controls, then use CVE-2026-42271 in LiteLLM to inject and execute arbitrary system commands with the privileges of the account running the gateway. The chain gives a remote, unauthenticated attacker shell access on the host, from which they can read the provider API keys, credentials and secrets the gateway holds and move laterally within the AI infrastructure. No authentication is required at any step, and the attack is performed over the network against the exposed proxy. Indicators of compromise have not yet been published; until they are, monitor LiteLLM hosts for unexpected command execution and unusual outbound connections.

Who Is at Risk

All organizations running BerriAI LiteLLM are affected, and those exposing the proxy to untrusted networks are at immediate risk. Any infrastructure that relies on LiteLLM as an AI gateway or SDK, particularly in North America, should assume exposure until both components are patched.

Patch & Mitigate

  • Patch: Upgrade LiteLLM to the patched release published in June 2026 and upgrade Starlette to the version that fixes CVE-2026-48710. Patching only one side leaves half the chain in place: an unpatched Starlette still lets unauthenticated callers reach the proxy, and an unpatched LiteLLM still lets anyone holding a valid key execute commands.
  • Workaround: Restrict network access to LiteLLM hosts so the proxy is reachable only from the applications that use it, never from the internet, and disable API endpoints you do not use until patching is complete.
  • Detect: Review process-creation and audit logs for shells or download tools spawned by the LiteLLM worker process, and network logs for outbound connections from LiteLLM hosts to anything other than the configured LLM providers. Monitor for new or modified credentials and API keys, and rotate any provider keys the gateway held if compromise is suspected.

MITRE ATT&CK

  • TA0001 — Initial Access (T1190, Exploit Public-Facing Application): attackers exploit the internet-exposed LiteLLM proxy to gain entry.
  • TA0005 — Defense Evasion: the chained Starlette flaw bypasses the proxy's authentication and the logging that depends on it.
  • TA0006 — Credential Access: attackers read the provider API keys and secrets the gateway holds on the compromised host.

Source: https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html
