CISA Flags Active Exploits in LiteLLM and Check Point Gateways

Two new CVEs, a command injection in BerriAI's LLM proxy and an auth bypass in Check Point firewalls, are now in the KEV catalog with a legally mandated remediation deadline.

cisa, berriai, litellm, check point, kev catalog, command injection

Two fresh CVEs just landed on CISA’s Known Exploited Vulnerabilities catalog, and both are already being weaponized in the wild. CVE-2026-42271 is a command injection in BerriAI’s LiteLLM—the open-source proxy that sits between your LLM apps and dozens of model providers. CVE-2026-50751 is an improper authentication hole in Check Point Security Gateways, the kind of firewall bug that lets attackers walk right past perimeter defenses.

LiteLLM: The LLM Supply Chain Risk Nobody Talked About

LiteLLM has become a staple in production AI stacks: it normalizes API calls across OpenAI, Anthropic, Google, and a hundred others. A command injection in that proxy means anyone triggering the exploit can run arbitrary commands on the hosting server. For teams running LiteLLM as a centralized gateway, that’s a direct path to exfiltrating API keys, model weights, or customer data. BerriAI maintains the project; if you’re not on the latest patch, you’re an active target.

Check Point’s Authentication Bypass Gives Attackers a Free Pass

CVE-2026-50751 hits Check Point Security Gateways—the appliances many enterprises rely on for VPN and firewall inspection. Improper authentication means an unauthenticated attacker can bypass authentication entirely. That’s not a theoretical vulnerability; CISA confirmed active exploitation. If you manage Check Point gear, treat this as an emergency patch cycle, not a routine update.

BOD 22-01 Puts Federal Teams on a Clock

Binding Operational Directive 22-01 requires Federal Civilian Executive Branch agencies to remediate both CVEs by the specified deadline. CISA’s KEV catalog is a living list, and these two entries will drive scanning tools and compliance checks across government networks. For private sector defenders, the message is the same: prioritize these vulnerabilities because attackers already have working exploits.

Both flaws are specific, with no vague “remote code execution” hand-waving. CVE-2026-42271 lets an attacker inject OS commands through LiteLLM’s API surface. CVE-2026-50751 bypasses authentication on Check Point gateways. Patch now, and check your logs for any signs of pre-patch compromise.


Source: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Domain: cisa.gov
