Detect BerriAI LiteLLM Command Injection (CVE-2026-42271) in CrowdStrike LogScale

Detects exploitation of CVE-2026-42271, a command injection vulnerability in BerriAI LiteLLM. An attacker who can reach the LiteLLM API or admin interface may inject OS commands that execute under the LiteLLM process context, leading to remote code execution. The vulnerability is tracked under CWE-78 (OS Command Injection) and CWE-77 (Command Injection) and is listed as actively exploited in CISA KEV.

MITRE ATT&CK

Tactics
  • Execution
  • Persistence
  • Lateral Movement

LogScale Detection Query

CrowdStrike LogScale (LogScale)

#event_simpleName=ProcessRollup2
| in(ParentBaseFileName, values=["python", "python3", "uvicorn", "gunicorn"])
| CommandLine=/[;|&`]|\$\(|&&|\|\||%0[aA]|%3[bB]|%7[cC]/
| in(TargetProcessFileName, values=["sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "wget", "curl", "nc", "ncat", "python", "python3"])
| case {
    CommandLine=/;/ | InjectionType:="semicolon_chain";
    CommandLine=/&&/ | InjectionType:="logical_and_chain";
    CommandLine=/\|\|/ | InjectionType:="logical_or_chain";
    CommandLine=/\$\(/ | InjectionType:="command_substitution";
    CommandLine=/`/ | InjectionType:="backtick_substitution";
    CommandLine=/%0[aA]|%3[bB]/ | InjectionType:="url_encoded_injection";
    * | InjectionType:="pipe_injection";
  }
| table([timestamp, aid, ComputerName, UserName, ParentBaseFileName, TargetProcessFileName, CommandLine, InjectionType])
| sort(timestamp, order=desc, limit=200)

Severity: critical · Confidence: high

CrowdStrike Falcon LogScale CQL query detecting shell or interpreter processes spawned from Python/uvicorn/gunicorn parents with command injection indicators, consistent with CVE-2026-42271 exploitation.

Data Sources

  • CrowdStrike Falcon Endpoint Protection
  • CrowdStrike Falcon LogScale

Required Tables

ProcessRollup2

False Positives & Tuning

  • Legitimate subprocess calls by LiteLLM plugins or extensions that invoke shell utilities
  • DevOps tooling that wraps LiteLLM in shell scripts with piped arguments
  • Automated model benchmarking pipelines that use shell redirection
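To check the query's regexes and branch precedence before deploying it, and to see how the benign-pipe case from the tuning list surfaces, the following Python re-implements the LogScale filters and case() branches over constructed ProcessRollup2 events. This is an added example, not part of the detection package; field names follow the page and every sample event is constructed.

```python
import re

# Added example: re-implements the LogScale query's filters and case() branches in
# Python so the regexes can be unit-tested offline. Field names follow the page.
PARENTS = {"python", "python3", "uvicorn", "gunicorn"}
CHILDREN = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe",
            "wget", "curl", "nc", "ncat", "python", "python3"}
INDICATOR_RE = re.compile(r"[;|&`]|\$\(|&&|\|\||%0[aA]|%3[bB]|%7[cC]")
# Same order as the case() statement: the first matching branch wins; anything that
# passed INDICATOR_RE but matches no branch falls through to "pipe_injection".
BRANCHES = [
    (re.compile(r";"), "semicolon_chain"),
    (re.compile(r"&&"), "logical_and_chain"),
    (re.compile(r"\|\|"), "logical_or_chain"),
    (re.compile(r"\$\("), "command_substitution"),
    (re.compile(r"`"), "backtick_substitution"),
    (re.compile(r"%0[aA]|%3[bB]"), "url_encoded_injection"),
]

def injection_type(cmdline: str) -> str:
    for pattern, label in BRANCHES:
        if pattern.search(cmdline):
            return label
    return "pipe_injection"

def evaluate(event: dict):
    """InjectionType the query would assign, or None if the event is filtered out."""
    if (event.get("event_simpleName") != "ProcessRollup2"
            or event.get("ParentBaseFileName") not in PARENTS
            or event.get("TargetProcessFileName") not in CHILDREN):
        return None
    cmdline = event.get("CommandLine", "")
    return injection_type(cmdline) if INDICATOR_RE.search(cmdline) else None

def pr2(aid, parent, child, cmdline):
    return {"event_simpleName": "ProcessRollup2", "aid": aid, "ParentBaseFileName": parent,
            "TargetProcessFileName": child, "CommandLine": cmdline}

# Constructed sample telemetry, not real Falcon events.
SAMPLE_EVENTS = [
    pr2("aid-1", "uvicorn", "sh", "sh -c 'echo test; id'"),                  # semicolon_chain
    pr2("aid-2", "gunicorn", "bash", "bash -c 'echo $(id)'"),                # command_substitution
    pr2("aid-3", "python3", "curl", "curl http://example.invalid/?q=%3bid"), # url_encoded_injection
    pr2("aid-4", "gunicorn", "bash", "bash -c 'cat metrics.log | grep latency'"),  # benign pipe: false positive
    pr2("aid-5", "nginx", "sh", "sh -c 'echo test; id'"),                    # parent out of scope
    pr2("aid-6", "python3", "bash", "bash run_benchmark.sh"),                # no indicator
]

def run(events):
    """Return [(aid, InjectionType)] for the events the query would surface."""
    return [(e["aid"], t) for e in events if (t := evaluate(e)) is not None]
```

Event aid-4 shows why the tuning list matters: a plain pipe from a wrapper script lands in the catch-all branch exactly like an injected one.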


Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1: LiteLLM API Command Injection via Model Parameter

    Expected signal: Process creation event showing an sh or bash child process under the uvicorn/gunicorn parent, with a command line containing the injected id command

  2. Test 2: LiteLLM Out-of-Band Command Injection with Reverse Shell Attempt

    Expected signal: Network connection event showing outbound TCP to 127.0.0.1:9999 from the LiteLLM process, plus a bash process with the -i flag spawned from the Python parent

  3. Test 3: LiteLLM Config Endpoint Command Injection via Backtick Substitution

    Expected signal: Process creation event with backtick command substitution syntax in the command line, spawned from the LiteLLM Python process

  4. Test 4: Post-Exploitation Credential Harvesting via LiteLLM Injection

    Expected signal: Process creation event showing cat and tr commands spawned from the LiteLLM parent, with a file write event to /tmp/cve42271_env.txt
