CVE-2026-42271 Splunk · SPL

Detect BerriAI LiteLLM Command Injection (CVE-2026-42271) in Splunk

Detects exploitation of CVE-2026-42271, a command injection vulnerability in BerriAI LiteLLM. An attacker who can reach the LiteLLM API or admin interface may inject OS commands that execute under the LiteLLM process context, leading to remote code execution. The vulnerability is tracked under CWE-78 (OS Command Injection) and CWE-77 (Command Injection) and is listed as actively exploited in CISA KEV.

MITRE ATT&CK

Tactic
Execution Persistence Lateral Movement

SPL Detection Query

Splunk (SPL)
spl 
index=* (sourcetype="WinEventLog:Security" OR sourcetype="linux_secure" OR sourcetype="osquery:results" OR sourcetype="stream:http")
| eval cmd=coalesce(CommandLine, process, cmd, uri_path)
| eval decoded_cmd=urldecode(cmd)
| where (match(cmd, "(?i)(litellm|uvicorn|gunicorn)") OR match(process_parent_name, "(?i)(litellm|uvicorn|gunicorn|python)"))
| where match(decoded_cmd, "[;|&`$(<>]|\%0[aAdD]|\%3[bB]|\%26|\%7[cC]")
| eval injection_indicator=case(
    match(decoded_cmd, "[;]\s*\w+"), "semicolon_chaining",
    match(decoded_cmd, "\|\s*\w+"), "pipe_chaining",
    match(decoded_cmd, "&&|\|\|"), "logical_chaining",
    match(decoded_cmd, "\$\("), "command_substitution",
    1=1, "encoded_metachar"
  )
| table _time, host, user, process_parent_name, cmd, decoded_cmd, injection_indicator, src_ip
| sort -_time
critical severity medium confidence

Detects command injection metacharacters in processes spawned by or associated with LiteLLM/uvicorn/gunicorn parent processes, indicating potential exploitation of CVE-2026-42271.

Data Sources

Windows Security Event LogLinux Secure LogosqueryHTTP stream data

Required Sourcetypes

WinEventLog:Securitylinux_secureosquery:resultsstream:http

False Positives & Tuning

  • Legitimate shell scripting that invokes LiteLLM as a subprocess with piped arguments
  • Automated testing frameworks that include special characters in test payloads
  • Misconfigured logging that captures encoded HTTP parameters containing metacharacters

Other platforms for CVE-2026-42271

Microsoft Sentinel (KQL) Elastic Security (Elastic) IBM QRadar (QRadar) Sumo Logic CSE (Sumo) Google Chronicle (YARA-L) CrowdStrike LogScale (LogScale) All platforms (combined) →

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1LiteLLM API Command Injection via Model Parameter

    Expected signal: Process creation event showing sh or bash child process under the uvicorn/gunicorn parent with command line containing the injected id command

  2. Test 2LiteLLM Out-of-Band Command Injection with Reverse Shell Attempt

    Expected signal: Network connection event showing outbound TCP to 127.0.0.1:9999 from the LiteLLM process, plus a bash process with -i flag spawned from the Python parent

  3. Test 3LiteLLM Config Endpoint Command Injection via Backtick Substitution

    Expected signal: Process creation event with backtick command substitution syntax in command line, spawned from the LiteLLM Python process

  4. Test 4Post-Exploitation Credential Harvesting via LiteLLM Injection

    Expected signal: Process creation event showing cat and tr commands spawned from LiteLLM parent, with file write event to /tmp/cve42271_env.txt

Last updated: 2026-06-19 Research depth: standard
References (3)

Unlock Pro Content

Get the full detection package for CVE-2026-42271 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0002ExecutionTA0003PersistenceTA0008Lateral Movement

Related Techniques

T1190Exploit Public-Facing ApplicationT1059Command and Scripting InterpreterT1021Remote Services

Same Tactic: Execution

Popular Detections