4 articles tagged with "Litellm"
CVE-2026-42271 in LiteLLM chains with Starlette bypass for unauthenticated remote code execution. CISA adds to KEV catalog after active exploitation confirmed.
CVE-2026-42208 lets attackers steal API keys and forge admin sessions in LiteLLM without authentication. Exploitation began within 36 hours of public disclosure.
AI startup Mercor confirms breach via LiteLLM supply chain attack. Lapsus$ claims 4TB stolen including candidate data, source code, and API keys. Meta pauses contracts.
Malicious LiteLLM versions 1.82.7 and 1.82.8 deployed credential harvester, Kubernetes lateral movement tools, and persistent backdoor. Package sees 3 million daily downloads.