📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global general Artificial Intelligence and Software Development LOW 48m Global general Artificial Intelligence and Cybersecurity MEDIUM 1h Global malware Software Development / Technology HIGH 1h Global vulnerability Information Technology HIGH 2h Global data_breach Water Utilities / Critical Infrastructure HIGH 2h Global general Cybersecurity Services HIGH 2h Global data_breach Pharmaceutical HIGH 3h Global vulnerability Technology, Artificial Intelligence CRITICAL 3h Global vulnerability Information Technology CRITICAL 4h Global phishing Gaming and Entertainment HIGH 4h Global general Artificial Intelligence and Software Development LOW 48m Global general Artificial Intelligence and Cybersecurity MEDIUM 1h Global malware Software Development / Technology HIGH 1h Global vulnerability Information Technology HIGH 2h Global data_breach Water Utilities / Critical Infrastructure HIGH 2h Global general Cybersecurity Services HIGH 2h Global data_breach Pharmaceutical HIGH 3h Global vulnerability Technology, Artificial Intelligence CRITICAL 3h Global vulnerability Information Technology CRITICAL 4h Global phishing Gaming and Entertainment HIGH 4h Global general Artificial Intelligence and Software Development LOW 48m Global general Artificial Intelligence and Cybersecurity MEDIUM 1h Global malware Software Development / Technology HIGH 1h Global vulnerability Information Technology HIGH 2h Global data_breach Water Utilities / Critical Infrastructure HIGH 2h Global general Cybersecurity Services HIGH 2h Global data_breach Pharmaceutical HIGH 3h Global vulnerability Technology, Artificial Intelligence CRITICAL 3h Global vulnerability Information Technology CRITICAL 4h Global phishing Gaming and Entertainment HIGH 4h
Vulnerabilities

CVE-2026-42271

High 🇺🇸 CISA KEV
CWE-77 — Weakness Type
Published: May 8, 2026  ·  Modified: May 15, 2026  ·  Source: NVD
CVSS v3
8.8
🔗 NVD Official
📄 Description (English)

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.

🤖 AI Executive Summary

LiteLLM versions 1.74.2 to 1.83.6 contain a critical command injection vulnerability in MCP server preview endpoints that allows authenticated users with low-privilege API keys to execute arbitrary commands on the proxy host. The vulnerability affects two endpoints (/mcp-rest/test/connection and /mcp-rest/test/tools/list) that lack proper role-based access controls and validation of server configuration parameters. This poses an immediate risk to organizations using LiteLLM as an AI Gateway, potentially enabling lateral movement and system compromise.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 12, 2026 14:49
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations leveraging LiteLLM for AI Gateway implementations face critical risk, particularly in: (1) Banking sector (SAMA-regulated institutions) using LiteLLM for customer-facing AI services and internal automation; (2) Government agencies (NCA oversight) deploying LiteLLM for digital transformation initiatives; (3) Healthcare providers integrating LiteLLM for clinical decision support; (4) Energy sector (ARAMCO and subsidiaries) using LiteLLM for operational AI systems; (5) Telecom operators (STC, Mobily) implementing AI-powered customer service. The vulnerability enables privilege escalation from low-privilege API keys to full system command execution, potentially compromising sensitive data, disrupting critical services, and enabling supply chain attacks through compromised AI infrastructure.
🏢 Affected Saudi Sectors
Banking and Financial Services Government and Public Administration Healthcare and Medical Services Energy and Utilities Telecommunications Technology and Software Development E-commerce and Retail
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all LiteLLM deployments in your environment and document their versions

2. Restrict network access to LiteLLM proxy endpoints to trusted internal networks only

3. Revoke or rotate all low-privilege API keys immediately

4. Enable comprehensive audit logging for all /mcp-rest/* endpoint calls

5. Monitor process execution logs for suspicious subprocess spawning



PATCHING GUIDANCE:

1. Upgrade LiteLLM to version 1.83.7 or later immediately

2. Test patches in non-production environments first

3. Implement staged rollout with monitoring for production systems

4. Verify patch application by checking version output



COMPENSATING CONTROLS (if immediate patching not possible):

1. Disable MCP server preview endpoints entirely if not required

2. Implement network-level access controls restricting /mcp-rest/test/* endpoints to administrative users only

3. Deploy Web Application Firewall (WAF) rules to block requests to vulnerable endpoints

4. Implement API gateway authentication requiring multi-factor authentication for MCP operations

5. Use container/VM isolation to limit blast radius of command execution



DETECTION RULES:

1. Alert on POST requests to /mcp-rest/test/connection or /mcp-rest/test/tools/list endpoints

2. Monitor for subprocess spawning from LiteLLM process with unusual parent-child relationships

3. Detect API calls with stdio transport configurations in request bodies

4. Flag authentication events using low-privilege internal-user keys accessing MCP endpoints

5. Monitor for command execution patterns in LiteLLM process logs (bash, sh, cmd.exe, powershell)
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. حدد جميع نشرات LiteLLM في بيئتك وتوثيق إصداراتها

2. قيّد الوصول إلى شبكة نقاط نهاية وكيل LiteLLM للشبكات الداخلية الموثوقة فقط

3. أبطل أو أعد تعيين جميع مفاتيح API منخفضة الامتيازات فوراً

4. فعّل تسجيل التدقيق الشامل لجميع استدعاءات نقطة النهاية /mcp-rest/*

5. راقب سجلات تنفيذ العملية للبحث عن عمليات فرعية مريبة



إرشادات التصحيح:

1. ارقِ LiteLLM إلى الإصدار 1.83.7 أو أحدث فوراً

2. اختبر التصحيحات في بيئات غير الإنتاج أولاً

3. طبّق الطرح المرحلي مع المراقبة لأنظمة الإنتاج

4. تحقق من تطبيق التصحيح بفحص إخراج الإصدار



عناصر التحكم التعويضية (إذا لم يكن التصحيح الفوري ممكناً):

1. عطّل نقاط نهاية معاينة خادم MCP بالكامل إذا لم تكن مطلوبة

2. طبّق عناصر تحكم الوصول على مستوى الشبكة تقيد نقاط النهاية /mcp-rest/test/* للمستخدمين الإداريين فقط

3. نشّر قواعد جدار حماية تطبيقات الويب (WAF) لحظر الطلبات إلى نقاط النهاية الضعيفة

4. طبّق مصادقة بوابة API تتطلب المصادقة متعددة العوامل لعمليات MCP

5. استخدم عزل الحاوية/الآلة الافتراضية لتحديد نطاق تأثير تنفيذ الأوامر



قواعد الكشف:

1. تنبيهات على طلبات POST إلى نقاط النهاية /mcp-rest/test/connection أو /mcp-rest/test/tools/list

2. راقب عمليات فرعية تنفيذ من عملية LiteLLM بعلاقات أب-طفل غير عادية

3. كشف استدعاءات API بتكوينات نقل stdio في أجسام الطلب

4. علّم أحداث المصادقة باستخدام مفاتيح المستخدم الداخلي منخفضة الامتيازات للوصول إلى نقاط نهاية MCP

5. راقب أنماط تنفيذ الأوامر في سجلات عملية LiteLLM (bash, sh, cmd.exe, powershell)
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures A.6.1.1 - User registration and access rights management A.6.2.1 - User access provisioning A.8.2.1 - User endpoint devices A.8.3.1 - Password management A.12.4.1 - Event logging A.12.4.3 - Administrator and operator logs A.14.2.1 - Secure development policy
🔵 SAMA CSF
ID.AM-1 - Asset Management ID.AC-1 - Access Control Policy PR.AC-1 - Identity and Access Management PR.AC-3 - Access Enforcement DE.AE-3 - Event Detection DE.CM-1 - System Monitoring RS.AN-1 - Notifications from Detection Systems
🟡 ISO 27001:2022
A.5.1.1 - Information security policies A.6.1.1 - User registration and access rights A.6.2.1 - User access provisioning A.8.1.1 - User endpoint device policy A.8.2.1 - User endpoint devices A.8.3.1 - Password management A.12.4.1 - Event logging A.12.4.3 - Administrator and operator logs A.14.2.1 - Secure development policy
🟣 PCI DSS v4.0.1
Requirement 2.1 - Default security parameters Requirement 6.2 - Security patches Requirement 7.1 - Limit access to system components Requirement 8.1 - User identification and authentication Requirement 10.2 - Automated audit trails
📦 Affected Products / CPE 1 entries
litellm:litellm
📊 CVSS Score
8.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredL — Low / Local
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score8.8
CWECWE-77
EPSS0.05%
Exploit No
Patch ✓ Yes
CISA KEV🇺🇸 Yes
Published 2026-05-08
Source Feed nvd
🇸🇦 Saudi Risk Score
9.2
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
patch-available CWE-77
🏢 Vendor Advisories
🔗 https://github.com/BerriAI/litellm/security/advisori...
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.