CVE-2026-42271 | BerriAI LiteLLM up to 1.83.6 Endpoint connection command/args/env command injection

A vulnerability, which was classified as critical, was found in BerriAI LiteLLM up to 1.83.6. Affected by this issue is some unknown functionality of the file /mcp-rest/test/connection of the component Endpoint. Such manipulation of the argument command/args/env leads to command injection.

This vulnerability is referenced as CVE-2026-42271. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.VulDB Recent EntriesRead More