OS Command Injection in LiteLLM - CVE-2026-42271

Published: April 27, 2026 / Updated: June 8, 2026


Vulnerability identifier: #VU128068
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2026-42271
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: LiteLLM
Affected software:
LiteLLM

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary commands on the host.

The vulnerability exists due to improper neutralization of special elements used in an OS command in the MCP stdio test endpoints when processing a full server configuration for stdio transport. A remote user can submit a specially crafted request containing command, args, and env fields to execute arbitrary commands on the host.

The issue affects POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list, and the supplied command is spawned as a subprocess with the privileges of the proxy process.
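The defensive pattern the description implies, as an added example that is not LiteLLM's own code: a submitted stdio server configuration (command, args, env) is validated against an operator allowlist before anything is handed to a subprocess, and the spawn request is built as an argv list with a minimal environment instead of passing request fields through. The allowlist contents, the `StdioServerConfig` type and the function names are hypothetical.

```python
import os
from dataclasses import dataclass, field

# Hypothetical operator allowlist (constructed for this example): only these
# launchers may be started from a submitted stdio server configuration.
ALLOWED_COMMANDS = {"npx", "uvx"}
# Only these env keys may be set by the caller; PATH and similar are excluded.
ALLOWED_ENV_KEYS = {"MCP_LOG_LEVEL"}


@dataclass
class StdioServerConfig:
    """The three request fields the advisory names: command, args, env."""
    command: str
    args: list = field(default_factory=list)
    env: dict = field(default_factory=dict)

    @classmethod
    def from_request(cls, payload: dict) -> "StdioServerConfig":
        # Coerce every field to str so later checks see plain strings only.
        return cls(
            command=str(payload.get("command", "")),
            args=[str(a) for a in payload.get("args", [])],
            env={str(k): str(v) for k, v in payload.get("env", {}).items()},
        )


def validate_stdio_config(cfg: StdioServerConfig) -> list:
    """Return the reasons a config must be rejected; an empty list means it passed."""
    problems = []
    if not cfg.command or cfg.command != cfg.command.strip():
        problems.append("command must be a non-empty bare token")
    elif "/" in cfg.command or "\\" in cfg.command:
        problems.append("command must not be a path")
    elif cfg.command not in ALLOWED_COMMANDS:
        problems.append(f"command {cfg.command!r} is not allowlisted")
    for key in cfg.env:
        if key not in ALLOWED_ENV_KEYS:
            problems.append(f"env key {key!r} is not allowlisted")
    return problems


def build_spawn_request(cfg: StdioServerConfig):
    """Validate, then return the argv list and minimal env a caller would hand to
    subprocess.Popen(argv, env=env) with no shell; raise instead of spawning bad input."""
    problems = validate_stdio_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    argv = [cfg.command, *cfg.args]  # list form: the args are never shell-parsed
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}  # do not inherit the proxy's env
    env.update(cfg.env)  # only allowlisted keys survive validation above
    return argv, env
```

The actual spawn still runs with the proxy's privileges, so the process should also be started under a dedicated low-privilege account.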


How to mitigate CVE-2026-42271

Install the security update from the vendor's website.