Skip to content
Verified reproduction

CVE-2026-42271: BerriAI LiteLLM SQL injection

CVE-2026-42271 is verified against BerriAI LiteLLM · pip affected versions: pip litellm >= 1.81.16, < 1.83.7 (also reported as v1.81.16 through v1.83.6) vulnerability class: SQLi This critical reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00261.

REPRO-2026-00261 BerriAI LiteLLM · pip SQLi Variant found Jul 7, 2026 .txt
Severity CRITICAL
Confidence HIGH
Reproduced in 168m 42s
Tool calls 711
Spend $24.61
Affected pip litellm >= 1.81.16, < 1.83.7 (also reported as v1.81.16 through v1.83.6)
$ pruva-verify REPRO-2026-00261
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00261/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

BerriAI LiteLLM is affected by an unauthenticated SQL injection vulnerability. The API endpoint(s) processing proxy or admin requests construct raw SQL queries using attacker-controllable parameters without sufficient parameterization. A remote attacker can send a crafted request to extract or modify the LiteLLM database contents, leading to complete compromise of the API gateway configuration, keys, and logs. CISA KEV indicates active exploitation. Affected versions: LiteLLM proxy/admin API before the patch. Need to reproduce against a vulnerable install (e.g., pip install litellm) and demonstrate SQL injection through a network request. Patch should be identified from upstream commit/PR.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/artifact_promotion_manifest.json12.6 KB
bundle/artifact_promotion_report.json12.6 KB
bundle/vuln_variant/root_cause_equivalence.json1.1 KB
bundle/repro/reproduction_steps.sh19.7 KB
bundle/repro/rca_report.md8.8 KB
bundle/repro/validation_verdict.json0.7 KB
bundle/repro/runtime_manifest.json1.0 KB
bundle/logs/reproduction_steps.log4.0 KB
bundle/logs/postgres_repro.log165.6 KB
bundle/logs/source_delta.txt2.3 KB
bundle/logs/proxy_vulnerable.log4.1 KB
bundle/logs/proxy_fixed.log4.0 KB
bundle/logs/vuln_key_generate.json1.4 KB
bundle/logs/fixed_key_generate.json1.4 KB
bundle/logs/baseline_unknown.txt0.3 KB
bundle/logs/vulnerable_injection.txt3.1 KB
bundle/logs/fixed_injection.txt0.3 KB
bundle/repro/result.txt0.4 KB
bundle/vuln_variant/reproduction_steps.sh20.1 KB
bundle/vuln_variant/result.json1.2 KB
bundle/logs/vuln_variant/reproduction_steps.log4.4 KB
bundle/logs/vuln_variant/postgres_variant.log166.5 KB
bundle/vuln_variant/variant_manifest.json3.5 KB
bundle/vuln_variant/validation_verdict.json3.4 KB
bundle/vuln_variant/rca_report.md10.0 KB
bundle/vuln_variant/patch_analysis.md5.2 KB
bundle/vuln_variant/runtime_manifest.json1.0 KB
bundle/logs/vuln_variant/fixed_version.txt0.3 KB
bundle/logs/vuln_variant/source_delta_variant.txt2.5 KB
bundle/logs/vuln_variant/vulnerable_api_key_header.txt3.1 KB
bundle/logs/vuln_variant/fixed_api_key_header.txt0.3 KB
bundle/logs/vuln_variant/vulnerable_x_litellm_header.txt3.1 KB
bundle/logs/vuln_variant/fixed_x_litellm_header.txt0.3 KB
bundle/coding/proposed_fix.diff2.1 KB
bundle/coding/verify_fix.sh10.1 KB
bundle/coding/verify_work/verify_result.txt0.3 KB
bundle/logs/verify_injection.txt0.3 KB
bundle/logs/verify_valid_key.txt3.1 KB
bundle/coding/summary_report.md4.8 KB