
LiteLLM CVE-2026-42271 Flaw Actively Exploited for Unauthenticated RCE

[Illustration: LiteLLM CVE-2026-42271 exploit chain leading to unauthenticated remote code execution]

Security researchers on Tuesday disclosed a critical vulnerability in LiteLLM’s open-source AI gateway software, tracked as CVE-2026-42271, that is already being exploited in the wild to achieve unauthenticated remote code execution (RCE).

How CVE-2026-42271 Chains to Unauthenticated RCE

The flaw resides in LiteLLM’s proxy server component, which normally handles API request routing for large language models. According to a technical advisory published Tuesday, the vulnerability allows an attacker to send specially crafted HTTP requests that bypass authentication checks. When chained with a separate server-side request forgery (SSRF) issue in the same component, the pair grants full unauthenticated command execution on the host server. The vulnerability carries a CVSS score of 9.8, rated critical.

Active Exploitation Spotted in the Wild

Multiple threat intelligence teams confirmed Monday that the flaw has been under active attack since at least June 6, 2026. Attackers are chaining the exploit to drop webshells, deploy cryptocurrency miners, and harvest API keys and credentials from compromised instances. The attacks appear opportunistic, with attackers scanning the internet for exposed LiteLLM installations, researchers said. One security operations firm described seeing over 900 exploitation attempts within the first 48 hours of the initial disclosure. This pattern mirrors recent incidents such as the Palo Alto Networks firewall zero-day that was exploited for weeks before a fix arrived.

LiteLLM Issues Emergency Patch and Guidance

LiteLLM released an emergency security update late Monday, urging all users to immediately upgrade to LiteLLM version 1.32.1 or later. The company posted a security bulletin on its GitHub repository and official blog, confirming the CVE and outlining mitigation steps for organizations that cannot immediately patch. These include restricting network access to the admin interface and applying a Web Application Firewall (WAF) rule to block malformed requests. The disclosure comes just months after LiteLLM ended its partnership with Delve amid controversy over data handling, putting the startup’s security practices under renewed scrutiny.
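As an added example (not LiteLLM's or the advisory's own code), the kind of fleet-triage script a defender might run against an inventory of proxy instances after reading this bulletin: it flags versions below the 1.32.1 fix and admin interfaces bound outside a management network. The inventory, host names and the 10.0.0.0/8 management range are constructed assumptions.

```python
"""Fleet triage for the LiteLLM advisory above (added example)."""
import ipaddress
import re

FIXED_VERSION = "1.32.1"                              # from the bulletin
MGMT_NET = ipaddress.ip_network("10.0.0.0/8")         # assumption: mgmt range

_VER_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(v):
    """Return (major, minor, patch, is_release) for a version string.

    Tolerates a leading 'v', a missing patch number and suffixes such as
    '-stable'; pre-release markers (rc, a, b, dev, ...) sort below the release.
    """
    m = _VER_RE.match(v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    major, minor, patch, rest = m.groups()
    prerelease = re.match(r"[-.]?(rc|a|b|dev|alpha|beta)\d*", rest) is not None
    return (int(major), int(minor), int(patch or 0), 0 if prerelease else 1)


def needs_patch(version, fixed=FIXED_VERSION):
    """True when the reported version is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def admin_exposed(bind_addr):
    """True when the admin interface listens outside loopback/management range."""
    ip = ipaddress.ip_address(bind_addr)
    return not (ip.is_loopback or ip in MGMT_NET)   # 0.0.0.0 counts as exposed


# Constructed inventory: (host, reported litellm version, admin bind address)
INVENTORY = [
    ("llm-gw-01", "1.31.9", "0.0.0.0"),
    ("llm-gw-02", "1.32.1", "10.20.0.5"),
    ("llm-gw-03", "1.32.1rc1", "127.0.0.1"),
    ("llm-gw-04", "v1.33.0-stable", "203.0.113.7"),
]


def triage(inventory=INVENTORY):
    """Return {host: [findings]} for every host that needs action."""
    report = {}
    for host, version, bind in inventory:
        findings = []
        if needs_patch(version):
            findings.append(f"version {version} < {FIXED_VERSION}: upgrade")
        if admin_exposed(bind):
            findings.append(f"admin bound to {bind}: restrict network access")
        if findings:
            report[host] = findings
    return report
```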

Wider AI Infrastructure Security Concerns

CVE-2026-42271 adds to a growing list of security gaps discovered in AI service platforms. In May, researchers flagged a Vertex AI blind spot that exposed Google Cloud customer data. The incident highlights a systemic risk: as organizations rush to integrate AI APIs, the middleware gateways that manage access often become high-value targets. Security experts advise enterprises to treat AI gateways with the same rigor as any critical infrastructure component, applying regular patching, network segmentation, and runtime integrity monitoring.

With exploitation continuing, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is expected to add CVE-2026-42271 to its Known Exploited Vulnerabilities catalog in the coming days, giving federal agencies a strict 14-day patch deadline.

Mudassir K

Editor & Founder
