CVE-2026-42203

high Red Hat
CVSS v3 Base Score
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 82% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: May 8, 2026 (63 days ago)
Last Modified: May 8, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in LiteLLM, an AI Gateway. An authenticated user could exploit this by sending a crafted prompt template to the POST /prompts/test endpoint. The endpoint rendered user-supplied prompt templates without proper sandboxing. This could lead to arbitrary code execution within the LiteLLM Proxy process, potentially exposing sensitive information such as API keys or database credentials, and allowing commands to be run on the host system.

CWE

CWE-94

Affected Products

Exploit IntelligenceRed Hat Ansible Automation Platform 2Red Hat OpenShift AI (RHOAI)

References