CISA Alert: LiteLLM SQL Injection Actively Exploited

Severity: HIGH | Actively Exploited | Patch Immediately

Source: CISA Known Exploited Vulnerabilities (KEV) Catalog | CVE: CVE-2026-42208 | Vendor: BerriAI LiteLLM

The Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-42208 to its Known Exploited Vulnerabilities (KEV) Catalog, confirming that malicious actors are actively exploiting a SQL injection vulnerability in BerriAI LiteLLM - one of the most widely adopted open-source AI gateway and LLM proxy platforms in use today.

LiteLLM is used by organizations to manage and route requests across multiple large language model (LLM) providers - including OpenAI, Anthropic, and Google Gemini - from a single API interface. SQL injection vulnerabilities of this class allow an unauthenticated or low-privilege attacker to query, extract, modify, or delete data from the underlying database without authorization.

CISA's inclusion in the KEV Catalog is not a theoretical warning. It means threat actors are exploiting this vulnerability right now, in the wild, against real targets. East African organizations that have deployed LiteLLM as part of their AI infrastructure stack must treat this as an active incident response priority.

Impact Assessment for East African Organizations

The adoption of AI platforms across East Africa has accelerated sharply in 2025 and 2026. Commercial banks in Kenya, Ethiopia, and Uganda are deploying LLM-powered tools for customer service automation, fraud detection, and credit scoring. Government agencies in Somalia, Djibouti, and Rwanda are integrating AI gateways into GovTech platforms for document processing and citizen services.

A successful SQL injection attack against an LiteLLM-backed platform in this context could result in:

• Exfiltration of API keys used to access third-party LLM providers, allowing attackers to hijack AI services and incur massive costs or extract sensitive prompts
• Exposure of user queries and conversation logs stored in the database - a direct violation of Kenya's Data Protection Act 2019, Ethiopia's Personal Data Protection Proclamation, and applicable CBK and Bank of Uganda data governance guidelines
• Database manipulation that corrupts AI model routing configurations, causing service outages or silently redirecting traffic to attacker-controlled endpoints
• Lateral movement from the LiteLLM database into internal networks, particularly dangerous in financial sector environments where AI platforms sit adjacent to core banking systems

Organizations in the power and energy sector in Kenya and Ethiopia that are piloting AI-driven predictive maintenance or grid analytics tools built on LiteLLM are also at risk of operational disruption if the underlying data layer is compromised.

Immediate Actions - Do These Now

• Audit your AI stack immediately: Identify whether LiteLLM (BerriAI) is deployed anywhere in your environment, including by third-party vendors or managed service providers who supply AI-enabled tools to your organization.
• Apply the latest patch: Check the BerriAI LiteLLM GitHub repository and your vendor's advisory for the patched version and apply it immediately. Do not wait for a scheduled maintenance window.
• Rotate all API keys and credentials: Assume any API keys, database credentials, and secrets stored in or accessible by the LiteLLM instance may be compromised. Rotate them across all connected LLM providers (OpenAI, Azure, Anthropic, etc.) without delay.
• Review database access logs: Look for unusual query patterns, unexpected data exports, or access from unfamiliar IP addresses in the period before and after patching. Engage your SOC team or MSSP to conduct a targeted log review.
• Isolate until patched: If patching cannot be applied immediately, restrict network access to the LiteLLM API to trusted internal IP ranges only and disable public-facing endpoints. This is a temporary control, not a fix.

Regulatory Exposure for East African Organizations

A confirmed breach involving this vulnerability would trigger mandatory notification obligations under the Kenya Data Protection Act 2019, CBK's Cybersecurity Guidelines for banks, and the Communications Authority of Kenya's cybersecurity framework. Ethiopian organizations fall under the Computer Crime Proclamation No. 958/2016 and emerging data protection rules. Failure to act on a known, actively exploited vulnerability - especially one listed on CISA's KEV Catalog - removes any argument of reasonable diligence in the event of regulatory investigation.

DRONGO Recommendation

DRONGO's SOC team is actively monitoring for exploit signatures associated with CVE-2026-42208 across client environments in Kenya, Somalia, and Ethiopia. If your organization uses LiteLLM or any AI gateway platform and you are unsure of your exposure, our team can conduct a targeted vulnerability assessment and log review within 24 hours to determine whether your environment has been affected and what immediate remediation steps apply to your specific configuration.

Is your organization protected? Request a free security assessment.