CVE-2026-42208: SQL Injection in Lightspeed-chatbot-rhel9

CWE-89: SQL Injection | 5 documents | 5 sources
Severity
9.8 CRITICAL
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Latest update: Apr 29

Description

Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Exploitation References: https://webflow.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure

🔴Vulnerability Details

1
VulnCheck
Vulnerability (2026)

📋Vendor Advisories

1
Red Hat
LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection (2026-04-28)

🕵️Threat Intelligence

2
Hackernews
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure (2026-04-29)
Bleepingcomputer
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw (2026-04-28)

💬Community

1
Bugzilla
CVE-2026-42208 LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection (2026-04-29)