<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T10:15:40.437700+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fc8539eb-ae85-4daa-bd15-508346342574/export</id>
    <title>fc8539eb-ae85-4daa-bd15-508346342574</title>
    <updated>2026-07-17T10:15:40.460977+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fc8539eb-ae85-4daa-bd15-508346342574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42208", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/89565", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-42208-LAB\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a yendpoint\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-18 23:41:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:09.358983Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fc8539eb-ae85-4daa-bd15-508346342574/export"/>
    <published>2026-07-15T00:00:09.358983+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b13e8eb5-72bd-4423-a2bc-81a3d1191ce6/export</id>
    <title>b13e8eb5-72bd-4423-a2bc-81a3d1191ce6</title>
    <updated>2026-07-17T10:15:40.462377+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b13e8eb5-72bd-4423-a2bc-81a3d1191ce6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42208", "type": "seen", "source": "https://t.me/GithubRedTeam/89565", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-42208-LAB\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a yendpoint\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-18 23:41:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:39.011857Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b13e8eb5-72bd-4423-a2bc-81a3d1191ce6/export"/>
    <published>2026-07-14T00:00:39.011857+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f4e2914e-d324-4451-b01a-5a28a30452fd/export</id>
    <title>f4e2914e-d324-4451-b01a-5a28a30452fd</title>
    <updated>2026-07-17T10:15:40.462480+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f4e2914e-d324-4451-b01a-5a28a30452fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42208", "type": "seen", "source": "https://t.me/GithubRedTeam/89565", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-42208-LAB\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a yendpoint\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-18 23:41:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:23.155436Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f4e2914e-d324-4451-b01a-5a28a30452fd/export"/>
    <published>2026-07-13T22:00:23.155436+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ddfb183c-2490-4e23-94bb-87abd0fc9c6b/export</id>
    <title>ddfb183c-2490-4e23-94bb-87abd0fc9c6b</title>
    <updated>2026-07-17T10:15:40.462546+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ddfb183c-2490-4e23-94bb-87abd0fc9c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42208", "type": "seen", "source": "https://t.me/bhhub/1194", "content": "Weekly 8 AI &amp;amp; Cyber signals to act on (May 11-17)\n\n#AISecurity@bhhub \n\n\u2728 Prompt Injection to Host RCE: Microsoft Discloses Two Critical Semantic Kernel Flaws (CVE-2026-25592 + CVE-2026-26030)\nURL\nA single injected prompt escalates to full host takeover in Microsoft's Semantic Kernel Python SDK (CVSS 10.0 arbitrary file write) and its .NET SessionsPythonPlugin.\n\n\u2728 LiteLLM Pre-Auth SQL Injection (CVE-2026-42208) Exploited 36 Hours After Disclosure \u2014 Now on CISA KEV\nURL\nAn unauthenticated attacker can read and modify the LLM gateway's database via a crafted Authorization header (CVSS 9.3); active exploitation began within 36 hours of the GitHub advisory, with CISA ordering federal patch by May 11.\n\n\u2728 Google GTIG Confirms First AI-Developed Zero-Day in the Wild \u2014 2FA Bypass Intended for Mass Exploitation\nURL\nA criminal group used an AI model to write a working 2FA-bypass exploit targeting a popular open-source web admin tool and planned a mass exploitation campaign.\n\n#AppSec@bhhub \n\n\u2728 Zero-Click RCE in Windsurf, Silent Exec in Cursor &amp;amp; Claude Code: OX Security's MCP Supply Chain Advisory (CVE-2026-30615)\nURL\nA prompt-injection flaw in the Model Context Protocol silently overwrites mcp.json and auto-registers a malicious STDIO server \u2014 in Windsurf (CVE-2026-30615) this requires zero user interaction; Cursor, VS Code, Claude Code, and Gemini-CLI are also affected, exposing an estimated 200,000 instances across a supply chain with 150M+ downloads.\n\n#RedTeam@bhhub \n\n\u2728 GTIG AI Threat Tracker (May 12): Adversaries Graduate to Industrial-Scale AI Use \u2014 APT45 Mass CVE Analysis, Autonomous Malware, Supply Chain Compromises\nURL\nGoogle's threat intelligence unit documents the transition from AI experimentation to industrialised adversarial workflows: APT45 submitting thousands of recursive CVE prompts, actors deploying AI-modified malware (CANFAIL, LONGSTREAM), and UNC6780 compromising Trivy, Checkmarx, and LiteLLM GitHub Actions in a coordinated supply chain campaign to steal cloud credentials at build time.\n\n\u2728 Decepticon v1.0.15: Open-Source Autonomous Red Team Agent Ships 17 Kill-Chain Specialists\nURL\nPurpleAILAB released a production-grade autonomous multi-agent hacking platform \u2014 17 specialist sub-agents cover every kill-chain phase from recon to persistence, running inside sandboxed Kali sessions with no human micromanagement required.\n\n#BlueTeam@bhhub\n\n\u2728 Microsoft MDASH: 100+ AI Agents Score 88.45% on CyberGym Benchmark, Uncover 16 Windows Vulns (4 Critical RCEs) in One Run\nURL\nMicrosoft's internal agentic scanner (MDASH) orchestrates more than 100 frontier and distilled models to autonomously find, debate, and prove bugs end-to-end \u2014 its first public run uncovered 16 Windows vulnerabilities including four critical RCEs in tcpip.sys and the IKEv2 service, scored 88.45% on CyberGym (next best: 83.1%), and achieved 100% recall on a five-year MSRC vuln set in tcpip.sys.\n\n\u2728 ARGUS: Provenance-Aware LLM Agent Defense Cuts Prompt Injection Success Rate to 3.8% While Preserving 87.5% Task Utility\nURL\nARGUS builds an influence provenance graph that tracks how untrusted context propagates into agent decisions and blocks execution unless the action is justified by trustworthy evidence \u2014 achieving 3.8% attack success rate (vs. 60\u201390% baselines) while remaining robust against adaptive white-box adversaries across four agentic domains and eight attack vectors.", "creation_timestamp": "2026-07-13T00:00:51.022243Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ddfb183c-2490-4e23-94bb-87abd0fc9c6b/export"/>
    <published>2026-07-13T00:00:51.022243+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cdcb46e2-23ed-4dc1-9026-c5f3e0c70f16/export</id>
    <title>cdcb46e2-23ed-4dc1-9026-c5f3e0c70f16</title>
    <updated>2026-07-17T10:15:40.462643+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cdcb46e2-23ed-4dc1-9026-c5f3e0c70f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42208", "type": "seen", "source": "https://t.me/bhhub/1194", "content": "Weekly 8 AI &amp;amp; Cyber signals to act on (May 11-17)\n\n#AISecurity@bhhub \n\n\u2728 Prompt Injection to Host RCE: Microsoft Discloses Two Critical Semantic Kernel Flaws (CVE-2026-25592 + CVE-2026-26030)\nURL\nA single injected prompt escalates to full host takeover in Microsoft's Semantic Kernel Python SDK (CVSS 10.0 arbitrary file write) and its .NET SessionsPythonPlugin.\n\n\u2728 LiteLLM Pre-Auth SQL Injection (CVE-2026-42208) Exploited 36 Hours After Disclosure \u2014 Now on CISA KEV\nURL\nAn unauthenticated attacker can read and modify the LLM gateway's database via a crafted Authorization header (CVSS 9.3); active exploitation began within 36 hours of the GitHub advisory, with CISA ordering federal patch by May 11.\n\n\u2728 Google GTIG Confirms First AI-Developed Zero-Day in the Wild \u2014 2FA Bypass Intended for Mass Exploitation\nURL\nA criminal group used an AI model to write a working 2FA-bypass exploit targeting a popular open-source web admin tool and planned a mass exploitation campaign.\n\n#AppSec@bhhub \n\n\u2728 Zero-Click RCE in Windsurf, Silent Exec in Cursor &amp;amp; Claude Code: OX Security's MCP Supply Chain Advisory (CVE-2026-30615)\nURL\nA prompt-injection flaw in the Model Context Protocol silently overwrites mcp.json and auto-registers a malicious STDIO server \u2014 in Windsurf (CVE-2026-30615) this requires zero user interaction; Cursor, VS Code, Claude Code, and Gemini-CLI are also affected, exposing an estimated 200,000 instances across a supply chain with 150M+ downloads.\n\n#RedTeam@bhhub \n\n\u2728 GTIG AI Threat Tracker (May 12): Adversaries Graduate to Industrial-Scale AI Use \u2014 APT45 Mass CVE Analysis, Autonomous Malware, Supply Chain Compromises\nURL\nGoogle's threat intelligence unit documents the transition from AI experimentation to industrialised adversarial workflows: APT45 submitting thousands of recursive CVE prompts, actors deploying AI-modified malware (CANFAIL, LONGSTREAM), and UNC6780 compromising Trivy, Checkmarx, and LiteLLM GitHub Actions in a coordinated supply chain campaign to steal cloud credentials at build time.\n\n\u2728 Decepticon v1.0.15: Open-Source Autonomous Red Team Agent Ships 17 Kill-Chain Specialists\nURL\nPurpleAILAB released a production-grade autonomous multi-agent hacking platform \u2014 17 specialist sub-agents cover every kill-chain phase from recon to persistence, running inside sandboxed Kali sessions with no human micromanagement required.\n\n#BlueTeam@bhhub\n\n\u2728 Microsoft MDASH: 100+ AI Agents Score 88.45% on CyberGym Benchmark, Uncover 16 Windows Vulns (4 Critical RCEs) in One Run\nURL\nMicrosoft's internal agentic scanner (MDASH) orchestrates more than 100 frontier and distilled models to autonomously find, debate, and prove bugs end-to-end \u2014 its first public run uncovered 16 Windows vulnerabilities including four critical RCEs in tcpip.sys and the IKEv2 service, scored 88.45% on CyberGym (next best: 83.1%), and achieved 100% recall on a five-year MSRC vuln set in tcpip.sys.\n\n\u2728 ARGUS: Provenance-Aware LLM Agent Defense Cuts Prompt Injection Success Rate to 3.8% While Preserving 87.5% Task Utility\nURL\nARGUS builds an influence provenance graph that tracks how untrusted context propagates into agent decisions and blocks execution unless the action is justified by trustworthy evidence \u2014 achieving 3.8% attack success rate (vs. 60\u201390% baselines) while remaining robust against adaptive white-box adversaries across four agentic domains and eight attack vectors.", "creation_timestamp": "2026-07-12T06:00:05.227415Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cdcb46e2-23ed-4dc1-9026-c5f3e0c70f16/export"/>
    <published>2026-07-12T06:00:05.227415+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7f9a74e6-2bdc-45aa-917f-98aa365594c3/export</id>
    <title>7f9a74e6-2bdc-45aa-917f-98aa365594c3</title>
    <updated>2026-07-17T10:15:40.462736+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7f9a74e6-2bdc-45aa-917f-98aa365594c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42200", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpzwj4t67o25", "content": "\ud83d\udfe0 CVE-2026-42200 - High (8.8)\n\nCoolify is an open-source and self-hostable tool for managing servers, applications, and database...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42200/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-07T06:01:13.277666Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7f9a74e6-2bdc-45aa-917f-98aa365594c3/export"/>
    <published>2026-07-07T06:01:13.277666+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/849a99f6-42bb-45b8-bea2-bb72d6b91682/export</id>
    <title>849a99f6-42bb-45b8-bea2-bb72d6b91682</title>
    <updated>2026-07-17T10:15:40.462798+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "849a99f6-42bb-45b8-bea2-bb72d6b91682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42200", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzpnah5yk2y", "content": "CVE-2026-42200 - Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE\nCVE ID : CVE-2026-42200\n \n Published : July 7, 2026, 2:48 a.m. | 1\u00a0hour ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers, applic...", "creation_timestamp": "2026-07-07T03:58:14.298954Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/849a99f6-42bb-45b8-bea2-bb72d6b91682/export"/>
    <published>2026-07-07T03:58:14.298954+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f9737db0-a0a3-47a8-a2f0-6a514982494c/export</id>
    <title>f9737db0-a0a3-47a8-a2f0-6a514982494c</title>
    <updated>2026-07-17T10:15:40.462858+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f9737db0-a0a3-47a8-a2f0-6a514982494c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42204", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzejfdhmj2y", "content": "CVE-2026-42204 - Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression \u2192 host root\nCVE ID : CVE-2026-42204\n \n Published : July 6, 2026, 10:16 p.m. | 1\u00a0hour, 31\u00a0minutes ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers, ap...", "creation_timestamp": "2026-07-07T00:39:13.769745Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f9737db0-a0a3-47a8-a2f0-6a514982494c/export"/>
    <published>2026-07-07T00:39:13.769745+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7f19ba20-f805-4d9b-a668-d3e1891fa978/export</id>
    <title>7f19ba20-f805-4d9b-a668-d3e1891fa978</title>
    <updated>2026-07-17T10:15:40.462929+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7f19ba20-f805-4d9b-a668-d3e1891fa978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42208", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mph2eyvwy423", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-42208 \u0432 LiteLLM: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/CB129B39-564F-412A-99C2-3B2117245CBC", "creation_timestamp": "2026-06-29T17:49:54.220413Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7f19ba20-f805-4d9b-a668-d3e1891fa978/export"/>
    <published>2026-06-29T17:49:54.220413+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8e78cef2-363e-4dc3-994e-8b872f5d9c95/export</id>
    <title>8e78cef2-363e-4dc3-994e-8b872f5d9c95</title>
    <updated>2026-07-17T10:15:40.462992+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8e78cef2-363e-4dc3-994e-8b872f5d9c95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42208", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/litellm_proxy_sqli.rb", "content": "{\"actions\": [], \"aliases\": [], \"arch\": \"\", \"author\": [\"Tencent YunDing Security Lab\", \"Kenneth LaCroix\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This module detects BerriAI LiteLLM proxy servers affected by\\n          CVE-2026-42208, an unauthenticated SQL injection. During API-key\\n          verification the proxy interpolates the raw Authorization bearer value\\n          into a PostgreSQL query (WHERE v.token = '') without\\n          parameterization. Because LiteLLM only hashes tokens that begin with\\n          \\\"sk-\\\", a bearer value that does not start with \\\"sk-\\\" reaches the query\\n          verbatim and is injectable. The failure path that performs the lookup is\\n          reachable before authentication. Affected versions are 1.81.16 through\\n          1.83.6 (fixed in 1.83.7).\\n\\n          The module confirms the flaw with a benign time-based check built on the\\n          framework's PostgreSQL time-based blind SQL injection library. It issues a\\n          request whose injected predicate sleeps only when a tautology is true and a\\n          second request whose predicate never sleeps, and reports the target\\n          vulnerable only when the first is delayed while the second returns promptly.\\n          A server that is merely slow delays both requests and is not flagged. The\\n          module does not read or exfiltrate data.\\n\\n          Detection requires the target to have provisioned at least one virtual\\n          key. The injectable predicate sits in a WHERE clause that PostgreSQL\\n          evaluates only against matching rows, so when the token table is empty\\n          the pg_sleep never executes and the proxy appears (falsely) safe. Any\\n          LiteLLM proxy in real use has issued keys; a freshly initialized proxy\\n          with an empty token table may not respond to the time-based probe.\", \"disclosure_date\": \"2026-04-20\", \"fullname\": \"auxiliary/scanner/http/litellm_proxy_sqli\", \"is_install_path\": true, \"mod_time\": \"2026-06-19 07:54:56 +0000\", \"name\": \"BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner\", \"needs_cleanup\": false, \"notes\": {\"Reliability\": [], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/auxiliary/scanner/http/litellm_proxy_sqli.rb\", \"platform\": \"\", \"post_auth\": false, \"rank\": 300, \"ref_name\": \"scanner/http/litellm_proxy_sqli\", \"references\": [\"CVE-2026-42208\", \"GHSA-r75f-5x8p-qvmc\", \"URL-https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy\"], \"rport\": 4000, \"session_types\": false, \"targets\": null, \"type\": \"auxiliary\"}", "creation_timestamp": "2026-06-24T15:45:11.740978Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8e78cef2-363e-4dc3-994e-8b872f5d9c95/export"/>
    <published>2026-06-24T15:45:11.740978+00:00</published>
  </entry>
</feed>
