SOCRadar® Cyber Intelligence Inc. | CISA KEV Highlights LiteLLM RCE (CVE-2026-42271) & Check Point VPN Auth Bypass (CVE-2026-50751)
Jun 09, 2026

CISA KEV Highlights LiteLLM RCE (CVE-2026-42271) & Check Point VPN Auth Bypass (CVE-2026-50751)

CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on June 8, 2026: CVE-2026-42271 in BerriAI LiteLLM and CVE-2026-50751 in Check Point Security Gateway.

Both issues affect high-value parts of modern enterprise environments. LiteLLM often sits between users, applications, and model providers, which means exposed deployments may hold API keys, secrets, and access to internal AI workflows. Check Point Remote Access VPN and Mobile Access sit at the perimeter, where a successful bypass can give attackers a direct path into protected networks.

This post summarizes what is known about both KEV entries, where the risk is highest, and what defenders should do next. It also briefly covers CVE-2026-23111, a Linux kernel privilege escalation flaw that is not currently listed in KEV but still deserves attention.

What Is CVE-2026-42271 in LiteLLM?

CVE-2026-42271 (CVSS 8.8) is a command execution vulnerability in LiteLLM tied to its MCP server preview and test functionality.

Two endpoints allowed users to submit a full MCP server configuration before saving it. That configuration could include command, args, and env fields used by stdio transport. When LiteLLM tested the connection, it spawned the supplied command as a subprocess on the LiteLLM proxy host.

In practical terms, a feature designed to test MCP connectivity could be abused to execute operating system commands in the context of the LiteLLM proxy process.

Details of CVE-2026-42271 (SOCRadar Vulnerability Intelligence)



Which LiteLLM Versions and Endpoints Are Affected?

The affected versions are:

  • LiteLLM versions 1.74.2 through 1.83.6
  • Fixed version: LiteLLM 1.83.7

The vulnerable endpoints are:

  • POST /mcp-rest/test/connection
  • POST /mcp-rest/test/tools/list

The original advisory described this as an authenticated issue because the endpoints required a valid LiteLLM proxy API key. However, the endpoints did not require an admin role before the fix. That meant even low-privilege internal-user keys could potentially reach the vulnerable functionality.

The fix in version 1.83.7 changed the authorization model so these test endpoints require the PROXY_ADMIN role.

Why the LiteLLM Issue May Be Worse in Some Deployments

The base issue requires a valid proxy API key. However, later research found that CVE-2026-42271 could be chained with Starlette CVE-2026-48710, a Host header validation bypass, to bypass authentication in some LiteLLM deployments.

That chained path changes the risk profile. Instead of requiring a valid proxy key, exposed and vulnerable deployments may become reachable for unauthenticated remote code execution if the affected Starlette dependency condition is present.

For defenders, this means the response should not stop at “who has proxy keys?” Teams should also check whether their LiteLLM deployment includes the affected Starlette condition and whether the LiteLLM proxy is reachable from untrusted networks.

What Is CVE-2026-50751 in Check Point Remote Access and Mobile Access?

CVE-2026-50751 (CVSS 9.3) is an authentication bypass affecting Check Point Remote Access VPN and Mobile Access deployments configured to use deprecated IKEv1 key exchange.

The vulnerability stems from a logic flaw in certificate validation. A remote unauthenticated attacker can abuse the issue to establish a remote access VPN session without a valid user password.

This makes the flaw especially serious because VPN services are often internet-facing by design. Successful exploitation can give attackers an initial foothold, although the vendor notes that additional post-authentication activity is still required to access internal resources or escalate privileges.

Details of CVE-2026-50751 (SOCRadar Vulnerability Intelligence)



When Are Check Point Gateways Exposed?

Exposure is configuration-dependent. The highest-risk deployments are those that:

  • Use deprecated IKEv1 key exchange
  • Support affected Remote Access VPN or Mobile Access configurations
  • Allow legacy remote access behavior
  • Do not enforce stronger certificate-based controls

The vendor’s advisory lists affected products and versions across Security Gateways, Spark Firewall, Mobile Access / SSL VPN, and Remote Access VPN. Organizations should verify their exact product version, remote access configuration, and hotfix status rather than assuming they are unaffected.

What Is Known About Exploitation?

Both vulnerabilities were added to CISA KEV, which means CISA has evidence of active exploitation.

For LiteLLM CVE-2026-42271, public reporting confirms the vulnerable endpoints and the possible unauthenticated chain with Starlette CVE-2026-48710. Public details about specific campaigns, victims, or attacker infrastructure remain limited.

CISA KEV listing for CVE-2026-42271



For Check Point CVE-2026-50751, the exploitation picture is clearer. Researchers reported active exploitation, with activity dating back to May 7, 2026 and an increase in early June. The vendor said exploitation appeared limited to a few dozen targeted organizations globally. One case involved post-compromise activity linked to a Qilin ransomware affiliate with medium confidence.

CISA KEV listing for CVE-2026-50751



CISA set different remediation deadlines for the two KEV entries. Federal Civilian Executive Branch (FCEB) agencies must remediate CVE-2026-50751 by June 11, 2026, reflecting the urgency around active exploitation of an internet-facing VPN flaw. CVE-2026-42271 has a later due date of June 22, 2026, but organizations running exposed LiteLLM proxy instances should still prioritize patching earlier because the issue can lead to command execution in AI gateway environments.

What Should Defenders Do Now?

CVE-2026-42271

Upgrade LiteLLM to version 1.83.7 or later.

Also review whether the deployment includes the affected Starlette condition tied to CVE-2026-48710. If so, update Starlette to a fixed version as part of remediation.

If immediate patching is not possible, block access to the vulnerable endpoints at the reverse proxy, API gateway, or network layer:

  • POST /mcp-rest/test/connection
  • POST /mcp-rest/test/tools/list

Teams should also review proxy API key exposure. If low-privilege keys were widely distributed, rotate keys after patching and review logs for suspicious use of MCP test endpoints, unusual subprocess execution, and unexpected Host header activity.
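The log review described above, as an added example (not SOCRadar's or LiteLLM's code): a Python triage script that flags POST requests to the two MCP test endpoints in reverse-proxy access logs and checks a version string against the affected range given in this post. The combined log format, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two endpoints named in this post.
MCP_TEST_PATHS = {"/mcp-rest/test/connection", "/mcp-rest/test/tools/list"}

# Combined log format as written by common reverse proxies (assumed format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalize_path(target):
    """Reduce a request target to a comparable path: drop the query string,
    percent-decode, collapse duplicate slashes, strip a trailing slash."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/")

def is_affected(version):
    """True for LiteLLM 1.74.2 through 1.83.6, the range given in this post."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return (1, 74, 2) <= parts <= (1, 83, 6)

def find_mcp_test_hits(lines):
    """Return one dict per POST to an MCP test endpoint, whatever the status."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = normalize_path(m["target"])
        if path in MCP_TEST_PATHS:
            hits.append({"ip": m["ip"], "ts": m["ts"], "path": path,
                         "status": int(m["status"])})
    return hits

# Constructed sample lines using documentation-range IPs, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [09/Jun/2026:10:01:02 +0000] "POST /mcp-rest/test/connection HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/Jun/2026:10:02:10 +0000] "POST /mcp-rest//test/tools/list/?a=1 HTTP/1.1" 403 90',
    '198.51.100.4 - - [09/Jun/2026:10:03:00 +0000] "GET /mcp-rest/test/connection HTTP/1.1" 405 0',
    '192.0.2.15 - - [09/Jun/2026:10:04:00 +0000] "POST /chat/completions HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in find_mcp_test_hits(SAMPLE):
        print(hit)
```

Correlate any hit with process telemetry from the proxy host for the same timestamp, since the test feature spawned the supplied command as a subprocess.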

CVE-2026-50751

Apply the vendor hotfix for affected Security Gateways and Spark Firewall deployments.

If patching cannot happen immediately, reduce exposure through configuration controls where applicable:

  • Disable or phase out IKEv1 for Remote Access VPN
  • Move remote access configurations to IKEv2 where supported
  • Remove support for legacy remote access clients
  • Require stronger certificate-based authentication controls
  • Follow the vendor’s advisory for exact mitigation and upgrade guidance

For incident response, review VPN logs, configuration history, and related security events dating back to May 7, 2026, the earliest exploitation date reported.

Prioritize Known Exploited Vulnerabilities Faster with SOCRadar

CISA KEV additions help teams identify vulnerabilities already exploited in real attacks. SOCRadar XTI helps turn those alerts into faster action by connecting threat context, exposure data, and remediation tracking in one workflow.

With SOCRadar, security teams can:

  • Track KEV-listed CVEs, exploit status, affected products, and due dates with Cyber Threat Intelligence
  • Identify exposed assets and internet-facing services with Attack Surface Management
  • Monitor exploit chatter, leaked access, and attacker discussions with Dark Web Monitoring
  • Support compliance and internal SLAs by mapping remediation urgency to confirmed exploitation

Together, SOCRadar’s Vulnerability Intelligence, ASM, and Dark Web Monitoring capabilities help teams move from “new KEV entry” to prioritized, evidence-based remediation.

SOCRadar’s Vulnerability Intelligence



Also Worth Noting: Linux Kernel CVE-2026-23111

CVE-2026-23111 (CVSS 7.8) is not currently listed as a CISA KEV item based on the sources reviewed, but it remains operationally important.

The flaw affects the Linux kernel’s netfilter / nf_tables subsystem. It comes from an inverted logic check in nft_map_catchall_activate(), which can mishandle catchall map elements during the abort path of failed nftables transactions. Under certain conditions, this can lead to a use-after-free and local privilege escalation.

NVD describes the issue as exploitable by an unprivileged local user when user namespaces and nftables are available, specifically on systems with CONFIG_USER_NS and CONFIG_NF_TABLES.

Details of CVE-2026-23111 (SOCRadar Vulnerability Intelligence)



This is not the same type of exposure as an internet-facing VPN flaw, but it still matters for shared Linux systems, CI runners, container-heavy environments, multi-tenant hosts, and systems where attackers may already have low-level local code execution.

Defenders should apply kernel updates from their Linux distribution or confirmed stable branch fixes. They should prioritize systems where untrusted users or workloads can access user namespaces and nftables functionality.