Key Findings Critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM Python package exploited within 36 hours of public disclosure Affects versions 1.81.16 through 1.83.6; patched in version 1.83.7 released April 19, 2026 First exploitation attempt recorded April 26 at 16:17 UTC from IP 65.111.27.132 Threat actor demonstrated precise knowledge of LiteLLM database schema, targeting high-value credential tables No confirmed data theft or credential