{"uuid": "286f70ec-d142-4bf5-a9b5-02f37dec03aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42271", "type": "seen", "source": "https://bsky.app/profile/modat-io.bsky.social/post/3mnuh5fp4ls23", "content": "\u26a0\ufe0f CISA added CVE-2026-42271 to KEV: Command injection in LiteLLM gateway (1.74.2\u20131.83.7). MCP preview endpoints spawn attacker commands on the proxy host, gated only by an API key, so any authenticated user gets command execution. Patch to 1.83.7+. Query: product=\"LiteLLM API\" OR product=\"LiteLLM\"", "creation_timestamp": "2026-06-09T14:52:34.060857Z"}