RHSA-2026:27784
Vulnerability from csaf_redhat - Published: 2026-06-22 05:11 - Updated: 2026-06-22 08:35
Summary
Red Hat Security Advisory: RHOAI 3.4.1 - Red Hat OpenShift AI
Severity
Important
Notes
Topic: Updated images are now available for Red Hat OpenShift AI.
Details: Release of RHOAI 3.4.1 provides these changes:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in LiteLLM, a proxy server (AI Gateway) for Large Language Model (LLM) APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user keys, could exploit this by sending a crafted configuration. This allows for arbitrary command execution on the proxy host with the privileges of the proxy process.
CVSS v3.1 base score: 8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le | — | | Vendor Fix |
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64 | — | | |
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x | — | | |
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le | — | | |
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64 | — | | |
| Unresolved product id: Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64 | — | | |
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 3.4.1 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27784",
"url": "https://access.redhat.com/errata/RHSA-2026:27784"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42271",
"url": "https://access.redhat.com/security/cve/CVE-2026-42271"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27784.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 3.4.1 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2026-06-22T08:35:05+00:00",
"generator": {
"date": "2026-06-22T08:35:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:27784",
"initial_release_date": "2026-06-22T05:11:35+00:00",
"revision_history": [
{
"date": "2026-06-22T05:11:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T07:18:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-22T08:35:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 3.4",
"product": {
"name": "Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3A0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440?arch=amd64\u0026repository_url=registry.redhat.io/rhoai/odh-operator-bundle\u0026tag=1781682120"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04?arch=amd64\u0026repository_url=registry.redhat.io/rhoai/odh-rhel9-operator\u0026tag=1781681524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256%3A1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40?arch=amd64\u0026repository_url=registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9\u0026tag=1781622627"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai/odh-rhel9-operator\u0026tag=1781681524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256%3A5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9\u0026tag=1781622627"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16?arch=s390x\u0026repository_url=registry.redhat.io/rhoai/odh-rhel9-operator\u0026tag=1781681524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256%3A1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6?arch=s390x\u0026repository_url=registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9\u0026tag=1781622627"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Acc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf?arch=arm64\u0026repository_url=registry.redhat.io/rhoai/odh-rhel9-operator\u0026tag=1781681524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256%3A305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0?arch=arm64\u0026repository_url=registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9\u0026tag=1781622627"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64 as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64 as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64 as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64 as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64 as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le as a component of Red Hat OpenShift AI 3.4",
"product_id": "Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42271",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-08T04:02:12.169174+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in LiteLLM, a proxy server (AI Gateway) for Large Language Model (LLM) APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user keys, could exploit this by sending a crafted configuration. This allows for arbitrary command execution on the proxy host with the privileges of the proxy process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "litellm: LiteLLM: Authenticated command execution via MCP stdio test endpoints",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw affecting LiteLLM, as deployed in Red Hat products like Ansible Automation Platform and OpenShift AI. Authenticated users, even with low-privilege API keys, can execute arbitrary commands on the proxy host. This is due to insufficient role checks on specific endpoints that accept server configurations with command execution parameters.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42271"
},
{
"category": "external",
"summary": "RHBZ#2467924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42271"
},
{
"category": "external",
"summary": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable",
"url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable"
},
{
"category": "external",
"summary": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g",
"url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2026-05-08T03:35:16.758000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T05:11:35+00:00",
"details": "For Red Hat OpenShift AI 3.4.1 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27784"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0efd1bb73b277b4cdca47bcb424679de6fd094d04e73e7a3ed0c470e8040b440_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:4b8e9cda02c30b95aa6e483dd9f90b2e27b9093212c6c3d956be8da3dd00dd16_s390x",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:72648350ddd7a3401542e90f923df38adb4ee75ded438dade1bc472566f474dc_ppc64le",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:76341c99cdb9a4321a37a58b1757ed0327bcf8d3adfa5688109f138a16b5ef04_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:cc6f060d37c92ea68c955e637e6291863272c1992ba86bc872989c4b566fc8bf_arm64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1c962bba45e5cddaadd8ceff241417f9c3686aba1df8b6b511caf5a9901f2c40_amd64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:1d6d4da4451688faa350b05558ed601e5c498b2382923f1bf45fc41958b098f6_s390x",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:305bf281a63bff13b96466fb7adfd0962ac28e92d649ad692a86eb10db89a1a0_arm64",
"Red Hat OpenShift AI 3.4:registry.redhat.io/rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9@sha256:5149bc20e5d0a9e281ca3330d000d613b5987f46996e771067532af0fe3e0fb8_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2026-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "litellm: LiteLLM: Authenticated command execution via MCP stdio test endpoints"
}
]
}