FixVibe
Covered by FixVibe (critical)

LiteLLM SQL Injection in Proxy API Key Verification (CVE-2026-42208)

LiteLLM versions 1.81.16 through 1.83.6 contain a critical SQL injection vulnerability in the Proxy API key verification logic. This flaw allows unauthenticated attackers to bypass authentication controls or access the underlying database. The issue is resolved in version 1.83.7.

CVE-2026-42208 | GHSA-r75f-5x8p-qvmc | CWE-89

Impact

LiteLLM contains a critical SQL injection vulnerability in its Proxy API key verification process [S1]. Because key verification runs on the credential a caller presents, before that caller is authenticated, the flaw is reachable by unauthenticated attackers: they can bypass the authentication check itself and potentially read or exfiltrate data from the underlying database [S1][S3].

Root Cause

The issue is classified as CWE-89 (SQL Injection) [S1]. It is located in the API key verification logic of the LiteLLM Proxy component [S2]. The vulnerability stems from attacker-controlled input reaching a database query without adequate sanitization or parameterization, so a crafted key value alters the query rather than being compared as data [S1].
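To make the root cause concrete, the following is an added illustration written for this page; it is not LiteLLM's code and does not reproduce the actual vulnerable code path, which this advisory does not publish. A key lookup that splices the presented token into the SQL text sits beside the parameterized form, over an in-memory SQLite table that stands in for the proxy's key store (constructed sample data). The two payload strings are textbook CWE-89 inputs chosen for the illustration, not payloads from the advisory.

```python
import sqlite3
from typing import Optional

# Constructed stand-in for a proxy key table; not LiteLLM's schema.
SEED_KEYS = [
    ("sk-alice-0001", "alice", 0),
    ("sk-bob-0002", "bob", 0),
    ("sk-carol-0003", "carol", 1),   # revoked key (blocked = 1)
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_keys (token TEXT PRIMARY KEY, user_id TEXT, blocked INTEGER)"
    )
    conn.executemany("INSERT INTO api_keys VALUES (?, ?, ?)", SEED_KEYS)
    return conn


def verify_key_vulnerable(conn: sqlite3.Connection, token: str) -> Optional[str]:
    """CWE-89: the presented token is spliced into the SQL text, so a crafted
    token rewrites the query instead of being compared as a value."""
    sql = f"SELECT user_id FROM api_keys WHERE token = '{token}' AND blocked = 0"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def verify_key_fixed(conn: sqlite3.Connection, token: str) -> Optional[str]:
    """Parameterized query: the token travels to the driver as a bound value
    and can never change the query structure."""
    sql = "SELECT user_id FROM api_keys WHERE token = ? AND blocked = 0"
    row = conn.execute(sql, (token,)).fetchone()
    return row[0] if row else None


# Illustrative payloads (not from the advisory). The first matches every row;
# the second resurrects a revoked key by short-circuiting the blocked check:
#   WHERE token = 'sk-carol-0003' OR token = 'sk-carol-0003' AND blocked = 0
ANY_USER_TOKEN = "' OR '1'='1"
REVOKED_KEY_TOKEN = "sk-carol-0003' OR token = 'sk-carol-0003"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, any-user payload:", verify_key_vulnerable(conn, ANY_USER_TOKEN))
    print("fixed,      any-user payload:", verify_key_fixed(conn, ANY_USER_TOKEN))
    print("vulnerable, revoked-key payload:", verify_key_vulnerable(conn, REVOKED_KEY_TOKEN))
    print("fixed,      revoked-key payload:", verify_key_fixed(conn, REVOKED_KEY_TOKEN))
    print("fixed,      real key:", verify_key_fixed(conn, "sk-alice-0001"))
```

The first payload turns the WHERE clause into `token = '' OR '1'='1' AND blocked = 0`, which is true for every unblocked row, so the vulnerable lookup hands back a valid user without a valid key; the parameterized lookup binds the same string as a value and finds nothing. The principle holds whatever database layer a proxy uses: keep caller input out of the query text, and treat any raw-query helper that accepts a formatted string as a review target.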

Affected Versions

LiteLLM versions 1.81.16 through 1.83.6 are affected by this vulnerability [S1].

Concrete Fixes

Update LiteLLM to version 1.83.7 or higher to mitigate this vulnerability [S1]; in practice that means raising any pin or upper bound on `litellm` so it can no longer resolve inside 1.81.16 through 1.83.6. Because the flaw can expose the contents of the proxy's database, a deployment that ran an affected version while reachable by untrusted clients should also consider rotating the API keys it issued during that window.

How FixVibe tests for it

FixVibe now includes this in GitHub repo scans. The check reads authorized repository dependency files only, including requirements.txt, pyproject.toml, poetry.lock, and Pipfile.lock. It flags LiteLLM pins or version constraints that match the affected range >=1.81.16 <1.83.7, then reports the dependency file, line number, advisory IDs, affected range, and fixed version.

This is a static, read-only repo check. It does not execute customer code and does not send exploit payloads.
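As an added example, not FixVibe's scanner (whose implementation this page does not publish), here is a minimal version of the same kind of static check over a requirements.txt-style file: it finds litellm pins and constraints, decides whether each one can resolve to a version in the affected range `>=1.81.16 <1.83.7`, and reports the file, line number, advisory IDs, affected range and fixed version. It handles the `==`, `>=`, `>`, `<=`, `<` and `~=` (PEP 440 compatible-release) operators and flags anything else for manual review rather than silently passing it. The sample requirements content, including the look-alike package name, is constructed for this page.

```python
import re
from typing import Optional

# Advisory data as stated on this page.
ADVISORY_IDS = ("CVE-2026-42208", "GHSA-r75f-5x8p-qvmc")
AFFECTED_RANGE = ">=1.81.16 <1.83.7"
FIXED_VERSION = "1.83.7"
AFFECTED_LO = (1, 81, 16)   # inclusive
AFFECTED_HI = (1, 83, 7)    # exclusive

# A requirements.txt line for litellm (optionally with extras such as [proxy]).
# The lookahead rejects look-alike names; the specifier stops at a marker
# (';') or a comment ('#').
REQ_LINE = re.compile(
    r"^\s*litellm(?=[\s\[=<>~!;#]|$)(?:\[[^\]]*\])?\s*(?P<spec>(?:[=<>~!][^;#]*)?)",
    re.IGNORECASE,
)
CLAUSE = re.compile(r"^(==|~=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> tuple:
    """'1.82' -> (1, 82, 0). Only plain numeric releases are modelled;
    a fourth component is dropped."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def admits_affected(spec: str) -> Optional[bool]:
    """True if the specifier can resolve to an affected version, False if it
    cannot, None if a clause uses syntax this check does not model (report
    those for manual review). Strict lower bounds just below the fixed
    version, e.g. '>1.83.6', are reported conservatively."""
    lo, lo_incl = (0, 0, 0), True      # lower bound of what the spec admits
    hi, hi_incl = None, False          # None = no upper bound
    for clause in spec.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = CLAUSE.match(clause)
        if not m:
            return None
        op, raw = m.group(1), m.group(2)
        ver = parse_version(raw)
        if op == "~=":                 # ~=1.82.3 means >=1.82.3,<1.83
            nums = [int(p) for p in raw.split(".")]
            if len(nums) < 2:
                return None
            nums[-2] += 1
            bounds = [(">=", ver), ("<", parse_version(".".join(map(str, nums[:-1]))))]
        else:
            bounds = [(op, ver)]
        for b_op, b_ver in bounds:
            if b_op in ("==", ">=", ">"):
                incl = b_op != ">"
                if b_ver > lo or (b_ver == lo and not incl):
                    lo, lo_incl = b_ver, incl
            if b_op in ("==", "<=", "<"):
                incl = b_op != "<"
                if hi is None or b_ver < hi or (b_ver == hi and not incl):
                    hi, hi_incl = b_ver, incl
    if hi is not None and (lo > hi or (lo == hi and not (lo_incl and hi_incl))):
        return False                   # contradictory constraint admits nothing
    below_range = hi is not None and (hi < AFFECTED_LO or (hi == AFFECTED_LO and not hi_incl))
    above_range = lo >= AFFECTED_HI
    return not (below_range or above_range)


def scan_requirements(text: str, filename: str = "requirements.txt") -> list:
    """Report each litellm requirement that can resolve to an affected version,
    plus any whose syntax could not be evaluated (status 'review')."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = REQ_LINE.match(line)
        if not m:
            continue
        verdict = admits_affected(m.group("spec").strip())
        if verdict is False:
            continue
        findings.append({
            "file": filename,
            "line": lineno,
            "requirement": line.split("#", 1)[0].strip(),
            "status": "affected" if verdict else "review",
            "advisory_ids": ADVISORY_IDS,
            "affected_range": AFFECTED_RANGE,
            "fixed_version": FIXED_VERSION,
        })
    return findings


# Constructed sample input for this page (not a real repository).
SAMPLE_REQUIREMENTS = """\
fastapi==0.110.0
litellm[proxy]==1.82.3      # pinned inside the affected range
litellm-fake-plugin==1.0    # look-alike name, must not match
litellm~=1.81.0             # compatible release: admits 1.81.16
litellm>=1.80,<1.81.16      # capped below the affected range
litellm>=1.83.7             # already on the fixed version
litellm===1.82.0            # arbitrary equality, not modelled: manual review
"""

if __name__ == "__main__":
    for f in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"{f['file']}:{f['line']} {f['status']}: {f['requirement']} "
              f"(affected {f['affected_range']}, fixed in {f['fixed_version']})")
```

An unpinned `litellm` line is reported as affected on purpose: with no bound at all, a resolver can legitimately pick any version in the range. Lock files such as poetry.lock and Pipfile.lock record exact resolved versions, so for those the check reduces to the `==` case above.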