LiteLLM SQL Injection (CVE-2026-42208) Exploited Within 36 Hours of Disclosure
Tags: Security · AI · Open source · Infrastructure
Sources: Sysdig · LiteLLM Security Advisory
A pre-authentication SQL injection vulnerability in LiteLLM (CVE-2026-42208, CVSS 9.3), the open-source LLM gateway with 22,000+ GitHub stars, was exploited just 36 hours after its public disclosure on April 24. Attackers targeted three high-value database tables containing API keys, provider credentials, and environment variable configurations. The attacks used customized schema enumeration (not generic sqlmap) and demonstrated prior knowledge of LiteLLM's Prisma-generated PostgreSQL identifier casing. Affected versions are v1.81.16 through v1.83.6; fixed in v1.83.7. No follow-through (credential reuse or key minting) has been observed.
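Two checks a defender would want from this summary, written here as an added example (not code from Sysdig or the LiteLLM project): an affected-version test that encodes the range stated above (v1.81.16 through v1.83.6, fixed in v1.83.7), and a triage pass over PostgreSQL statement logs that flags catalog reads (information_schema / pg_catalog) issued under the gateway's own database role, since the reported attacks relied on schema enumeration and a Prisma-generated workload has no runtime reason to query the catalog. The log line format, the `litellm` role name and the table name in the sample lines are constructed for illustration, not taken from the advisory.

```python
"""Triage helpers for CVE-2026-42208 (LiteLLM pre-auth SQL injection).

Added example, not from Sysdig or the LiteLLM project. Encodes the
affected range given in the advisory summary and flags PostgreSQL
statement-log lines that look like schema enumeration from the
application's database role. Log format and role name are constructed.
"""
import re

AFFECTED_MIN = (1, 81, 16)   # first affected release, per the advisory
FIXED = (1, 83, 7)           # first fixed release, per the advisory


def parse_version(tag: str) -> tuple:
    """Turn 'v1.83.6' or '1.83.6' into a comparable tuple of ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag.strip())
    if not m:
        raise ValueError(f"unrecognised LiteLLM version: {tag!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(tag: str) -> bool:
    """True when the deployed version falls inside the vulnerable range."""
    v = parse_version(tag)
    return AFFECTED_MIN <= v < FIXED


# Catalog objects a schema-enumeration query would read. Prisma-generated
# CRUD never touches these at runtime, so a hit from the app role is
# worth an analyst's attention.
ENUMERATION_PATTERN = re.compile(
    r"\b(information_schema\.(tables|columns)"
    r"|pg_catalog\.pg_(tables|class|attribute))\b",
    re.IGNORECASE,
)

# PostgreSQL log lines with log_line_prefix '%m [%p] %u@%d ' and
# log_statement enabled. Pattern assumed for this example.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>\w+)@(?P<db>\w+) "
    r"LOG:\s+statement: (?P<sql>.*)$"
)


def flag_enumeration(log_lines, app_role="litellm"):
    """Return (timestamp, sql) for catalog reads issued by app_role."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m or m.group("user") != app_role:
            continue
        if ENUMERATION_PATTERN.search(m.group("sql")):
            hits.append((m.group("ts"), m.group("sql")))
    return hits


# Constructed sample log: not real captured traffic.
SAMPLE_LOG = [
    # ordinary Prisma-style query with quoted, mixed-case identifiers: benign
    '2026-04-26 03:14:07.101 UTC [4812] litellm@litellm LOG:  statement: '
    'SELECT "public"."ExampleTable"."id" FROM "public"."ExampleTable" WHERE "public"."ExampleTable"."id" = $1',
    # catalog read under the app role: flagged
    '2026-04-26 03:14:09.388 UTC [4812] litellm@litellm LOG:  statement: '
    "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'",
    # same read by a DBA session: expected admin activity, not flagged
    '2026-04-26 03:15:00.002 UTC [4901] dba@litellm LOG:  statement: '
    "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'",
    # column lookup under the app role: flagged
    '2026-04-26 03:14:11.710 UTC [4812] litellm@litellm LOG:  statement: '
    "SELECT column_name FROM information_schema.columns WHERE table_name = 'ExampleTable'",
]

if __name__ == "__main__":
    for tag in ("v1.81.15", "v1.81.16", "v1.83.6", "v1.83.7"):
        print(tag, "affected" if is_affected(tag) else "not affected")
    for ts, sql in flag_enumeration(SAMPLE_LOG):
        print("ENUMERATION", ts, sql)
```

The version check is inclusive of v1.81.16 and exclusive of v1.83.7, matching the stated range. The log triage deliberately filters on the application role: the same catalog query from an administrator's session is routine, while from the gateway's connection it is the signal that this attack pattern would leave behind.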