Share
## https://sploitus.com/exploit?id=83147CB4-EDC3-57ED-85A7-4EF3893454E3
# CVE-2026-42208 โ LiteLLM SQL Injection Scanner ๐ค
Detects SQL injection vulnerabilities in **BerriAI LiteLLM** proxy instances. LiteLLM is a popular open-source LLM gateway used by many AI applications.
## Features
- Endpoint discovery for LiteLLM instances
- SQL injection testing on exposed endpoints
- LiteLLM instance fingerprinting
- Multiple SQLi payload types (MySQL, MSSQL, PostgreSQL)
## Installation
```bash
git clone https://github.com/ridhinva/litellm-scanner.git
cd litellm-scanner
pip install requests
```
## Usage
```bash
python3 litellm_scanner.py https://target-litellm.com
python3 litellm_scanner.py targets.txt
```
## Example
```bash
$ python3 litellm_scanner.py https://llm-gateway.company.com
[+] https://llm-gateway.company.com
[ENDPOINT] /health/liveliness (Health endpoint) - 200
[LITELLM] Confirmed LiteLLM instance
[ENDPOINT] /models (Models list) - 200
[SQLI] Possible SQL injection at /models (payload: single_quote)
```
## References
- CVE-2026-42208: BerriAI LiteLLM SQL Injection
- CISA KEV: 2026-05-22
## Author
@c_y_p_h3r