Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployments. Researchers at Horizon3.ai confirmed that combining two CVEs creates a CVSS 10.0 Critical attack path requiring zero credentials. At the core of this threat is CVE-2026-42271, a command injection […]
The post Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands appeared first on Cyber Security News.