CISA Flags Actively Exploited LiteLLM and Check Point Gateways

Two new CVEs, a command injection in BerriAI's LLM proxy and an auth bypass in Check Point's firewalls, are now on the KEV catalog with a federal remediation deadline.

Two fresh CVEs just landed on CISA’s Known Exploited Vulnerabilities catalog, and both are already being weaponized in the wild. CVE-2026-42271 is a command injection in BerriAI’s LiteLLM—the open-source proxy that sits between your LLM apps and dozens of model providers. CVE-2026-50751 is an improper authentication hole in Check Point Security Gateways, the kind of firewall bug that lets attackers walk right past perimeter defenses.

LiteLLM: The LLM Supply Chain Risk Nobody Talked About

LiteLLM has become a staple in production AI stacks: it normalizes API calls across OpenAI, Anthropic, Google, and a hundred others. A command injection in that proxy means anyone triggering the exploit can run arbitrary commands on the hosting server. For teams running LiteLLM as a centralized gateway, that’s a direct path to exfiltrating API keys, model weights, or customer data. BerriAI maintains the project; if you’re not on the latest patch, you’re an active target.

Check Point’s Authentication Bypass Gives Attackers a Free Pass

CVE-2026-50751 hits Check Point Security Gateways—the appliances many enterprises rely on for VPN and firewall inspection. Improper authentication means an unauthenticated attacker can bypass authentication entirely. That’s not a theoretical vulnerability; CISA confirmed active exploitation. If you manage Check Point gear, treat this as an emergency patch cycle, not a routine update.

BOD 22-01 Puts Federal Teams on a Clock

Binding Operational Directive 22-01 requires Federal Civilian Executive Branch agencies to remediate both CVEs by the specified deadline. CISA’s KEV catalog is a living list, and these two entries will drive scanning tools and compliance checks across government networks. For private sector defenders, the message is the same: prioritize these vulnerabilities because attackers already have working exploits.

Both flaws are specific: no vague “remote code execution” hand-waving. CVE-2026-42271 lets an attacker inject OS commands through LiteLLM’s API surface. CVE-2026-50751 bypasses authentication on Check Point gateways. Patch now, and check your logs for any signs of pre-patch compromise.


Source: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Domain: cisa.gov