CVE-2026-42208 Splunk · SPL

Detect BerriAI LiteLLM SQL Injection Exploitation (CVE-2026-42208) in Splunk

Detects exploitation attempts targeting a SQL injection vulnerability in BerriAI LiteLLM (CVE-2026-42208, CWE-89). LiteLLM is a widely deployed LLM proxy/gateway; successful exploitation allows unauthenticated or authenticated attackers to manipulate backend database queries, potentially exfiltrating API keys, user data, model configurations, and spend tracking records. This CVE is listed on the CISA KEV catalog, indicating active exploitation in the wild.

MITRE ATT&CK

Tactic
Initial Access Credential Access Discovery Collection

SPL Detection Query

Splunk (SPL)
spl 
index=web OR index=proxy OR index=waf sourcetype IN ("access_combined", "nginx:access", "apache:access", "aws:alb:accesslogs", "pan:traffic", "suricata")
| where match(uri_path, "(?i)(key|user|spend|model|team|health|chat\/completions)")
| eval sqli_in_uri=if(match(uri_query, "(?i)('\s*OR\s*'|UNION\s+SELECT|--\s|'\s*;|1=1|0x27|%27)"), 1, 0)
| eval sqli_in_body=if(match(_raw, "(?i)('\s*OR\s*'|UNION\s+SELECT|--\s|'\s*;|1\s*=\s*1)"), 1, 0)
| where sqli_in_uri=1 OR sqli_in_body=1
| stats count AS attempt_count, dc(uri_path) AS distinct_paths, earliest(_time) AS first_seen, latest(_time) AS last_seen, values(uri_path) AS paths_targeted BY src_ip, http_user_agent
| eval risk=case(attempt_count>10, "high", attempt_count>3, "medium", true(), "low")
| sort -attempt_count
critical severity medium confidence

Detects SQL injection attempts against LiteLLM API endpoints by inspecting web/proxy/WAF logs for SQLi payloads in URI query strings and raw request bodies. Groups by source IP for burst analysis.

Data Sources

Web/Proxy LogsNginx Access LogsApache Access LogsAWS ALB LogsPalo Alto Traffic LogsSuricata IDS

Required Sourcetypes

access_combinednginx:accessapache:accessaws:alb:accesslogspan:traffic

False Positives & Tuning

  • Security scanners (Burp Suite, OWASP ZAP) during authorized assessments
  • LLM prompt content containing SQL-like syntax forwarded through the proxy
  • Automated API testing suites with fuzz payloads
  • WAF bypass testing by red teams

Other platforms for CVE-2026-42208

Microsoft Sentinel (KQL) Elastic Security (Elastic) IBM QRadar (QRadar) Sumo Logic CSE (Sumo) Google Chronicle (YARA-L) CrowdStrike LogScale (LogScale) All platforms (combined) →

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Error-Based SQL Injection on LiteLLM /key/info Endpoint

    Expected signal: HTTP 500 or 422 response from LiteLLM; database error message in application logs; WAF alert if deployed

  2. Test 2UNION SELECT Injection Attempt on /user/info Endpoint

    Expected signal: HTTP 500 or data leak in response body; PostgreSQL logs show UNION SELECT statement; network proxy logs capture full URL with UNION payload

  3. Test 3Time-Based Blind SQL Injection via LiteLLM /spend/logs

    Expected signal: Response time >= 5 seconds; PostgreSQL slow query log entry for pg_sleep; application logs show extended request duration

  4. Test 4POST Body SQL Injection to LiteLLM /key/generate

    Expected signal: HTTP 400/500 with SQL error in response; application log shows malformed query; SIEM alert on POST body containing OR 1=1

Last updated: 2026-06-19 Research depth: standard
References (2)

Unlock Pro Content

Get the full detection package for CVE-2026-42208 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0001Initial AccessTA0006Credential AccessTA0007DiscoveryTA0009Collection

Related Techniques

T1190Exploit Public-Facing ApplicationT1552.001Credentials In FilesT1213Data from Information RepositoriesT1078Valid Accounts

Same Tactic: Initial Access

Popular Detections