I have other things I need to explore. I found a DoS (authed unfortunately) in #litellm as well but I want to do something creative with it.

I found a budget bypass in #LiteLLM, since they don't pay here you go https://github.com/LargeHardonCollider/litellm-infinite-money-glitch

#cybersecurity #ai #ml

CVE Alert: CVE-2026-42208 - BerriAI - litellm - RedPacket Security

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used


Data Breaches Surge, Exposing Sensitive Info at AI Startups, Agencies

Data breaches are surging, with AI startups and agencies exposed, as seen in the alarming theft of 10 petabytes from a Chinese supercomputer and 4 terabytes from AI startup Mercor due to a supply-chain vulnerability. These incidents highlight the hidden risks of connecting data to AI models, creating sensitive blind spots that leave large…

https://osintsights.com/data-breaches-surge-exposing-sensitive-info-at-ai-startups-agencies?utm_source=mastodon&utm_medium=social

#AiStartups #DataBreaches #EmergingThreats #Litellm #Mercor


Embedding models from #Scaleway weren't working with #LiteLLM. A couple of hours of searching and testing, and it's a three-line fix. 😅

https://github.com/BerriAI/litellm/pull/25395/changes

fix(embedding): omit null encoding_format for openai requests by meutsabdahal · Pull Request #25395 · BerriAI/litellm

Relevant issues: Fixes #25388
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208.

BleepingComputer
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection.

Security Affairs

🔐 LiteLLM under siege: a flaw has been discovered that puts AI keys at risk. Time to reinforce security! #LiteLLM #CyberSecurity

🔗 https://www.tomshw.it/hardware/litellm-sotto-attacco-falla-espone-chiavi-ia

LiteLLM under attack: the flaw exposes AI keys

CVE-2026-42208 allows SQL injection without login on the LLM gateway: API keys, tokens and cloud secrets are in the crosshairs, and the flaw is already being exploited.

Tom's Hardware

LiteLLM SQL Flaw Exploited 36 Hours After Disclosure

A critical SQL injection flaw, CVE-2026-42208, was exploited just 36 hours after its disclosure, putting vulnerable LiteLLM versions at risk of unauthorized database access. The bug, with a CVSS score of 9.3, allows unauthenticated callers to reach a vulnerable database query through the proxy's error-handling path.

https://osintsights.com/litellm-sql-flaw-exploited-36-hours-after-disclosure?utm_source=mastodon&utm_medium=social

#SqlInjection #Litellm #Cve202642208 #Python #EmergingThreats


Learn how LiteLLM SQL flaw CVE-2026-42208 was exploited just 36 hours after disclosure and upgrade to secure version 1.83.7-stable now.

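The mechanism the reports above describe, an unauthenticated request whose input reaches a database query, can be illustrated generically. The block below is an added example written for this page; it is not LiteLLM's code and does not reproduce the actual CVE-2026-42208 bug. It uses an in-memory SQLite table with constructed rows and a hypothetical schema, a hypothetical `lookup_key_vulnerable` that interpolates a caller-supplied token into SQL (the kind of lookup an error-handling path might perform), and a parameterized `lookup_key_safe`. Two constructed payloads show why the unauthenticated reach matters: one collapses the `WHERE` clause and returns every stored secret, the other uses `UNION` to read `sqlite_master` and enumerate table definitions, which is how an attacker learns which tables are worth targeting.

```python
import sqlite3

# Constructed sample data. The table name, columns and rows are hypothetical
# and are not LiteLLM's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_keys (token TEXT, owner TEXT, provider_secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO api_keys VALUES (?, ?, ?)",
        [
            ("sk-user-1", "alice", "PROVIDER_SECRET_A"),
            ("sk-user-2", "bob", "PROVIDER_SECRET_B"),
        ],
    )
    return conn


def lookup_key_vulnerable(conn, token):
    # Hypothetical lookup that builds the query by string interpolation.
    # Anything the caller puts in `token` becomes part of the SQL text, so an
    # unauthenticated caller controls the statement that runs.
    sql = f"SELECT owner, provider_secret FROM api_keys WHERE token = '{token}'"
    return conn.execute(sql).fetchall()


def lookup_key_safe(conn, token):
    # Same lookup with a bound parameter: the token is passed as data and
    # can never change the structure of the statement.
    sql = "SELECT owner, provider_secret FROM api_keys WHERE token = ?"
    return conn.execute(sql, (token,)).fetchall()


# Constructed payloads for the demo.
# 1) Make the WHERE clause always true, dumping every row.
DUMP_ALL_TOKEN = "' OR '1'='1"
# 2) Append a UNION that reads table definitions from sqlite_master; the
#    trailing `--` comments out the closing quote the template would add.
SCHEMA_DUMP_TOKEN = "' UNION SELECT name, sql FROM sqlite_master --"


def demo():
    """Run both payloads against both lookups and report what each returns."""
    conn = make_db()
    return {
        # Unauthenticated caller gets every stored provider secret.
        "vulnerable_dump_rows": len(lookup_key_vulnerable(conn, DUMP_ALL_TOKEN)),
        # Same payload against the parameterized query matches nothing.
        "safe_dump_rows": len(lookup_key_safe(conn, DUMP_ALL_TOKEN)),
        # Schema enumeration: the first column of the leaked row is a table name.
        "enumerated_tables": [
            row[0] for row in lookup_key_vulnerable(conn, SCHEMA_DUMP_TOKEN)
        ],
        # A legitimate token still works through the safe path.
        "safe_legit_owner": lookup_key_safe(conn, "sk-user-1")[0][0],
    }


if __name__ == "__main__":
    print(demo())
```

The point for a gateway operator is the last two keys of `demo()`: the parameterized lookup behaves identically for legitimate callers, so the fix costs nothing, while the interpolated version hands an unauthenticated caller both the data and the schema map needed to go straight for the high-value tables.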

Urgent security alert: Hackers are exploiting a pre-authentication SQL injection flaw (CVE-2026-42208) in LiteLLM, allowing them to bypass authentication and exfiltrate sensitive AI provider credentials. Sysdig Threat Research Team observed attackers moving directly to high-value tables, demonstrating precise knowledge. This vulnerability's impact is comparable to a full cloud-account…

https://www.tpp.blog/1dqwzx7

#cybersecurity #litellm #cve202642208

🤖 This post was AI-generated.