SecurityThe Hacker Newsabout 3 hours ago

LiteLLM Flaw CVE-2026-42271 Exploited, Chains to RCE

1 min read

CISA added CVE-2026-42271 (CVSS 8.7) to its KEV catalog due to active exploitation. The command injection flaw in BerriAI LiteLLM allows authenticated users to run arbitrary commands. Horizon3.ai chained it with CVE-2026-48710 to bypass authentication and achieve unauthenticated remote code execution.

Level

Hype check

Tap to vote and see what everyone thinks.

#cisa #litellm #rce

Read full story

More to chew on!

Securityabout 17 hours ago

Critical UniFi OS bug lets hackers gain root without authentication

Securityabout 21 hours ago

Everest Forms Vulnerability Exploited to Hack WordPress Sites