CVE-2026-42271
Arbitrary Command Execution vulnerability in litellm (PyPI)
What is CVE-2026-42271 About?
This vulnerability allows authenticated users with low-privilege API keys to execute arbitrary commands on the proxy host due to insufficient role checks on two preview endpoints. These endpoints accept a full server configuration, including command execution parameters, leading to severe system compromise. Exploitation is relatively easy for any authenticated user.
Affected Software
Technical Details
Two preview endpoints, POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list, in the affected system accept a full server configuration within their request bodies. This configuration explicitly includes fields such as command, args, and env, which are used by the stdio transport mechanism. When these endpoints are called with a stdio configuration, the system attempts to connect by spawning the provided command as a subprocess. Crucially, these endpoints are only gated by a valid proxy API key and lack any specific role-based access control. Consequently, any authenticated user, even those holding low-privilege internal-user keys, can craft a malicious request containing arbitrary commands. This allows them to execute these commands on the proxy host with the privileges of the proxy process, effectively achieving arbitrary command execution.
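The missing control described above is an authorization decision made before the server configuration is acted on. The following is an added example, not litellm's own code: it places the pre-fix behaviour (only the API key is checked) beside a hardened gate that refuses stdio configurations from non-admin callers and, as defence in depth, only lets admins launch commands from an allowlist. The role names, the `transport` field and the allowlist contents are assumptions for this illustration; the `command`, `args` and `env` field names come from the advisory.

```python
"""Role gate for MCP "test connection" style endpoints.

Added example, not litellm's code. The field names command/args/env come
from the advisory; the role enum, the "transport" key and the allowlist
are assumptions made for this illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Any, Dict


class Role(str, Enum):
    # Assumed role set; the proxy's real role enum may differ.
    PROXY_ADMIN = "proxy_admin"
    INTERNAL_USER = "internal_user"


@dataclass
class Decision:
    allowed: bool
    status: int  # HTTP status an endpoint handler would return
    reason: str


# Fields that make a server config spawn a local process (per the advisory).
STDIO_FIELDS = ("command", "args", "env")

# Defence in depth: even admins may only point stdio at vetted launchers.
# Constructed allowlist for the example; a deployment lists its own launchers.
ALLOWED_STDIO_COMMANDS = frozenset({"npx", "uvx"})


def uses_stdio(server_config: Dict[str, Any]) -> bool:
    """True when connecting to this config would spawn a subprocess.

    Any of the stdio-only fields is treated as a stdio request, so a config
    that claims another transport but still carries `command` is caught.
    """
    if server_config.get("transport") == "stdio":
        return True
    return any(f in server_config for f in STDIO_FIELDS)


def vulnerable_gate(api_key_valid: bool, role: Role,
                    server_config: Dict[str, Any]) -> Decision:
    """Pre-fix behaviour as described in the advisory: only the key is checked."""
    if not api_key_valid:
        return Decision(False, 401, "invalid API key")
    # No role check and no inspection of the config: any key holder proceeds.
    return Decision(True, 200, "key valid; config accepted as-is")


def hardened_gate(api_key_valid: bool, role: Role,
                  server_config: Dict[str, Any]) -> Decision:
    """Authorize before the config is ever handed to a connector."""
    if not api_key_valid:
        return Decision(False, 401, "invalid API key")
    if not uses_stdio(server_config):
        # Remote transports do not spawn anything on the proxy host.
        return Decision(True, 200, "remote transport; no local process spawned")
    if role is not Role.PROXY_ADMIN:
        return Decision(False, 403, "stdio server configs require proxy admin role")
    command = server_config.get("command")
    if command not in ALLOWED_STDIO_COMMANDS:
        return Decision(False, 400, f"stdio command {command!r} is not on the allowlist")
    return Decision(True, 200, "admin with allowlisted stdio command")


if __name__ == "__main__":
    # Constructed request from a low-privilege key holder.
    low_priv_request = {"transport": "stdio", "command": "npx", "args": ["--version"]}
    print("before fix:", vulnerable_gate(True, Role.INTERNAL_USER, low_priv_request))
    print("after fix: ", hardened_gate(True, Role.INTERNAL_USER, low_priv_request))
```

The order of checks matters: authentication first, then a decision on whether the request would spawn a process at all, then the role, then the allowlist. Logging the 403 decisions gives operators a direct detection signal for low-privilege keys probing these endpoints.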
What is the Impact of CVE-2026-42271?
Successful exploitation may allow attackers to execute arbitrary commands on the proxy host, leading to full system compromise, data theft, or complete disruption of services.
What is the Exploitability of CVE-2026-42271?
Exploitation of this vulnerability is straightforward, requiring only a valid proxy API key, even a low-privilege one, and no further authentication or authorization. Attackers can send a crafted POST request to the /mcp-rest/test/connection or /mcp-rest/test/tools/list endpoints. The vulnerability is remote, as it can be triggered over the network. There are no complex prerequisites or special conditions beyond having an API key. The main factor raising the likelihood of exploitation is the widespread availability of low-privilege API keys in many deployments, which makes the flaw attractive to internal attackers or to anyone who has compromised a low-privilege account.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2026-42271?
Available Upgrade Options
- litellm
- >=1.74.2, <1.83.7 → Upgrade to 1.83.7
What are Similar Vulnerabilities to CVE-2026-42271?
Similar Vulnerabilities: CVE-2021-40438, CVE-2022-26134, CVE-2023-38814, CVE-2024-21312, CVE-2021-22946
