{
  "title": "LiteLLM CVE-2026-42271: KEV Command Injection in AI Proxy Servers",
  "summary": "CISA added BerriAI LiteLLM CVE-2026-42271 to its Known Exploited Vulnerabilities (KEV) catalog on 2026-06-08 due to active exploitation. This high-severity command injection vulnerability in the MCP server preview endpoints allows authenticated users (or unauthenticated users, when chained with CVE-2026-48710) to run arbitrary shell commands on the host running the proxy.",
  "date": "2026-06-08",
  "severity": "critical",
  "tags": [
    "litellm",
    "cisa-kev",
    "remote-code-execution",
    "zero-day",
    "starlette"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "litellm-cve-2026-42271-kev",
    "since": "2026-06-08T00:00:00Z",
    "until": "2026-06-08T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-42271",
      "CVE-2026-48710"
    ],
    "cwes": [
      "CWE-78"
    ],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}