What is CVE-2026-42203?

CVE-2026-42203 is a high-severity vulnerability in Berriai Litellm, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 8.8/10. Published 2026-05-08.

How severe is CVE-2026-42203?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2026-42203 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Berriai Litellm

CVE-2026-42203

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxin…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Berriai Litellm — versions >= 1.80.5, < 1.83.7
Litellm

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

Public proof-of-concept exploits

Astianjy/CVE-2026-42203

References

security-advisories@github.com (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)
security-advisories@github.com (Product, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2026-42203?: CVE-2026-42203 is a high-severity vulnerability in Berriai Litellm, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 8.8/10. Published 2026-05-08.
How severe is CVE-2026-42203?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2026-42203 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.