Threat Advisory

LiteLLM Vulnerability Enables Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in LiteLLM, a popular open-source AI gateway proxy, and in its dependency Starlette, affecting LiteLLM versions 1.74.2 through 1.83.6. A command injection flaw in LiteLLM and a Host header validation bypass in Starlette can be chained so that an unauthenticated attacker executes arbitrary commands on the host running the proxy. This poses a significant business risk: successful exploitation can lead to unauthorized access to sensitive data (including the upstream provider credentials the gateway holds), lateral movement into connected infrastructure, and disruption of AI services.

• CVE-2026-42271 (CVSS score 10.0) – A command injection flaw in LiteLLM's Model Context Protocol (MCP) server test endpoints lets an attacker spawn arbitrary subprocesses on the host. On its own it requires a valid LiteLLM API key; chained with CVE-2026-48710 below, it becomes unauthenticated remote code execution.

• CVE-2026-48710 – A Host header validation bypass in Starlette (reported as "BadHost") lets an attacker sidestep LiteLLM's API key requirement, so the command injection flaw can be reached without credentials.

The overall risk and urgency are high: the two flaws together give unauthenticated attackers control over the AI gateway host. Consequences include unauthorized access to sensitive data, disruption of AI services, and lateral movement into connected systems, with the gateway's position between applications and model providers widening the exposure across the AI supply chain.

RECOMMENDATION:

We recommend updating LiteLLM to version 1.83.7 or later and Starlette to version 1.0.1 or later. Because Starlette is pulled in transitively, confirm the version actually installed alongside LiteLLM (for example with `pip show litellm starlette`) rather than relying on the LiteLLM upgrade alone.
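A version check for the ranges in this advisory, as an added example rather than LiteLLM's or Starlette's own code. The LiteLLM range (1.74.2 through 1.83.6, fixed in 1.83.7) is taken from the advisory; treating every Starlette release before 1.0.1 as affected is an assumption, since the advisory only names the fixed version. The function names and the reading of installed versions via `importlib.metadata` are this example's own choices.

```python
"""Report which of the advisory's CVEs apply to given (or installed)
LiteLLM and Starlette versions, and whether the unauthenticated RCE
chain is complete. Added example, not code from LiteLLM or Starlette."""
import re
from importlib import metadata

# From the advisory: LiteLLM 1.74.2 through 1.83.6 affected, 1.83.7 fixed.
LITELLM_FIRST_AFFECTED = (1, 74, 2)
LITELLM_FIXED = (1, 83, 7)
# Assumption: every Starlette release before the named fix (1.0.1) is affected.
STARLETTE_FIXED = (1, 0, 1)


def parse_version(text):
    """Turn '1.83.6' or '1.83.6rc1' into a comparable (major, minor, patch) tuple.

    Pre-release suffixes are ignored, so a release candidate of a fixed
    version (e.g. 1.83.7rc1) is reported as fixed; check such builds by hand.
    """
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def litellm_findings(version):
    """CVE list for a LiteLLM version (empty when outside the affected range)."""
    v = parse_version(version)
    if LITELLM_FIRST_AFFECTED <= v < LITELLM_FIXED:
        return ["CVE-2026-42271"]
    return []


def starlette_findings(version):
    """CVE list for a Starlette version (empty once at or past the fix)."""
    v = parse_version(version)
    if v < STARLETTE_FIXED:
        return ["CVE-2026-48710"]
    return []


def assess(litellm_version, starlette_version):
    """Combine both checks; the unauthenticated RCE needs both flaws present."""
    findings = {
        "litellm": litellm_findings(litellm_version),
        "starlette": starlette_findings(starlette_version),
    }
    findings["unauthenticated_rce_chain"] = bool(
        findings["litellm"] and findings["starlette"]
    )
    return findings


def installed_version(dist):
    """Version of an installed distribution, or None if it is not present."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    lite = installed_version("litellm")
    star = installed_version("starlette")
    if lite is None or star is None:
        print("litellm and/or starlette not installed in this environment")
    else:
        print(f"litellm {lite}, starlette {star}:", assess(lite, star))
```

Run it inside the virtual environment that serves the LiteLLM proxy (the versions on the build host can differ from the deployed image). A `True` chain result means the host should be treated as reachable by an unauthenticated attacker until both packages are upgraded.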

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/litellm-rce-vulnerability-exploited/
