Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

The Hacker News

|Security

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

2026-06-09

1 min read

by info@thehackernews.com (The Hacker News)

CISA added LiteLLM CVE-2026-42271 to its Known Exploited Vulnerabilities catalog due to active exploitation.

•CVE-2026-42271 (CVSS 8.7) allows authenticated users to execute arbitrary commands via MCP test endpoints
•Affects LiteLLM versions >= 1.74.2 and < 1.83.7
•Chained with CVE-2026-48710 (Starlette host header bypass) achieves unauthenticated RCE with CVSS 10.0
•Version 1.83.7 patch restricts endpoints to PROXY_ADMIN role; requires Starlette 1.0.1+

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Related Articles