Share
## https://sploitus.com/exploit?id=83147CB4-EDC3-57ED-85A7-4EF3893454E3
# CVE-2026-42208 โ€” LiteLLM SQL Injection Scanner ๐Ÿค–

Detects SQL injection vulnerabilities in **BerriAI LiteLLM** proxy instances. LiteLLM is a popular open-source LLM gateway used by many AI applications.

## Features
- Endpoint discovery for LiteLLM instances
- SQL injection testing on exposed endpoints
- LiteLLM instance fingerprinting
- Multiple SQLi payload types (MySQL, MSSQL, PostgreSQL)

## Installation
```bash
git clone https://github.com/ridhinva/litellm-scanner.git
cd litellm-scanner
pip install requests
```

## Usage
```bash
python3 litellm_scanner.py https://target-litellm.com
python3 litellm_scanner.py targets.txt
```

## Example
```bash
$ python3 litellm_scanner.py https://llm-gateway.company.com
[+] https://llm-gateway.company.com
  [ENDPOINT] /health/liveliness (Health endpoint) - 200
  [LITELLM] Confirmed LiteLLM instance
  [ENDPOINT] /models (Models list) - 200
  [SQLI] Possible SQL injection at /models (payload: single_quote)
```

## References
- CVE-2026-42208: BerriAI LiteLLM SQL Injection
- CISA KEV: 2026-05-22

## Author
@c_y_p_h3r