The Hacker News reports that CISA added CVE-2026-42271 in the open-source LiteLLM AI gateway to its Known Exploited Vulnerabilities catalog after active exploitation, with maintainers patching command-injection paths tied to MCP server preview endpoints.
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The Hacker News reports that CISA added CVE-2026-42271 in the open-source LiteLLM AI gateway to its Known Exploited Vulnerabilities catalog after active exploitation, with maintainers patching command-injection paths tied to MCP server preview endpoints.
Source: Thehackernews