Threat actors are actively exploiting a critical unauthenticated remote code execution (RCE) vulnerability in LiteLLM, a widely used open-source AI proxy gateway, by chaining two CVEs to fully bypass authentication and execute arbitrary commands on vulnerable hosts. Horizon3.ai researchers confirmed the chained exploitation path on June 1, 2026, revealing that CVE-2026-42271, a command injection flaw […]
The post LiteLLM RCE Vulnerability Exploited in the Wild to Run Commands appeared first on Cyber Security News.