2026-06-13·LITELLM·security risk
high · down

On June 8, 2026, CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities (KEV) catalog.


window 9d · evidence 3

signal brief

On June 8, 2026, CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects BerriAI's LiteLLM, an AI gateway product. It allows any authenticated user, including one holding only a low-privilege internal-user key, to execute arbitrary commands on the host (CISA KEV). Organizations must mitigate by June 22, 2026 or discontinue use of the product if mitigations are unavailable.

LiteLLM's PyPI releases show rapid versioning post-disclosure: versions 1.84.6 through 1.89.0rc2 were published between June 6 and June 13, indicating active patching (PyPI). The official advisory and fix were released in version 1.83.7-stable (GitHub Advisory).

Despite the quick fixes, inclusion in CISA KEV signals active exploitation and a high-severity security risk that undermines trust in the product. Users face pressure to apply patches urgently or risk compromise. This security incident negatively impacts LiteLLM's reputation and adoption, especially among enterprise customers requiring secure AI gateways.

evidence

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.