On June 8, 2026, CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities catalog.
signal brief
On June 8, 2026, CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities catalog. The vulnerability affects BerriAI's LiteLLM and allows any authenticated user, including low-privilege internal-user key holders, to run arbitrary commands on the host (CISA KEV). The advisory notes that the vulnerability is classified as CWE-78 and CWE-77 and requires immediate mitigation per vendor instructions. The CVSS score and exploitation details are available in the GitHub advisory. This is a significant security risk for organizations using LiteLLM, because it could allow attackers to compromise host systems. The due date for action is June 22, 2026. This event weakens trust in LiteLLM's security posture and may lead to customer churn or stricter adoption requirements.
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.