Known exploited
BerriAI
CVE published 2026-05-08
CVE-2026-42208
CVE-2026-42208 is a SQL injection vulnerability affecting BerriAI LiteLLM. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-05-08 and set a remediation due date of 2026-05-11. In practical terms, this means defenders should treat it as an actively exploited issue and move quickly on vendor guidance, compensating controls, or removal where mitigation is not available.