Detect BerriAI LiteLLM SQL Injection Exploitation (CVE-2026-42208) in Google Chronicle
Detects exploitation attempts targeting a SQL injection vulnerability in BerriAI LiteLLM (CVE-2026-42208, CWE-89). LiteLLM is a widely deployed LLM proxy/gateway; successful exploitation allows unauthenticated or authenticated attackers to manipulate backend database queries, potentially exfiltrating API keys, user data, model configurations, and spend tracking records. This CVE is listed on the CISA KEV catalog, indicating active exploitation in the wild.
MITRE ATT&CK
YARA-L Detection Query
rule cve_2026_42208_litellm_sqli {
meta:
author = "df00tech"
description = "Detects SQL injection exploitation attempts against BerriAI LiteLLM (CVE-2026-42208)"
severity = "CRITICAL"
priority = "HIGH"
reference = "https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc"
events:
$e.metadata.event_type = "NETWORK_HTTP"
$e.network.http.target_url = /\/(key|user|spend|model|team|chat\/completions)\//
(
$e.network.http.target_url = /(?i)('\s*OR\s*'|UNION\s+SELECT|--\s|%27|0x27|1=1)/
or
$e.network.http.request_body = /(?i)('\s*OR\s*'|UNION\s+SELECT|'\s*;--|1\s*=\s*1)/
)
$ip = $e.principal.ip
match:
$ip over 5m
outcome:
$event_count = count_distinct($e.metadata.id)
$targeted_paths = array_distinct($e.network.http.target_url)
$user_agents = array_distinct($e.network.http.user_agent)
condition:
#e > 0
}Chronicle YARA-L 2.0 rule detecting SQL injection payloads in HTTP traffic targeting LiteLLM API endpoints. Groups events by source IP over a 5-minute window.
Data Sources
Required Tables
False Positives & Tuning
- Red team or penetration testing activities against LiteLLM deployments
- Misconfigured API clients sending malformed query strings
- Web crawlers that generate anomalous URL patterns
- Security research environments testing SQLi detection coverage
Other platforms for CVE-2026-42208
Testing Methodology
Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1Error-Based SQL Injection on LiteLLM /key/info Endpoint
Expected signal: HTTP 500 or 422 response from LiteLLM; database error message in application logs; WAF alert if deployed
- Test 2UNION SELECT Injection Attempt on /user/info Endpoint
Expected signal: HTTP 500 or data leak in response body; PostgreSQL logs show UNION SELECT statement; network proxy logs capture full URL with UNION payload
- Test 3Time-Based Blind SQL Injection via LiteLLM /spend/logs
Expected signal: Response time >= 5 seconds; PostgreSQL slow query log entry for pg_sleep; application logs show extended request duration
- Test 4POST Body SQL Injection to LiteLLM /key/generate
Expected signal: HTTP 400/500 with SQL error in response; application log shows malformed query; SIEM alert on POST body containing OR 1=1
Unlock Pro Content
Get the full detection package for CVE-2026-42208 including response playbook, investigation guide, and atomic red team tests.