IOC Radar
TLP:WHITE2 IOCs

LiteLLM RCE Vulnerability Exploited in the Wild to Run Commands

CP
Cyber Press
Published June 9, 2026Original Report

Diamond Model

Attack Flow4 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1190
1/4
Exploit Public-Facing Application
ActionBypass authentication
Attackers exploit CVE-2026-48710 (Starlette Host Header bypass) to bypass authentication on LiteLLM.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise2

TypeIndicatorConfidenceScoreFirst Seen
CVECVE-2026-42271
exploitintel-blogvulnerability
Medium
51
Jun 9, 26
CVECVE-2026-48710
exploitintel-blogvulnerability
Medium
51
Jun 9, 26

IOC Relationship Graph

IOC Relationship Graph2 total IOCs
CVE
CVE2REPORTLiteLLM RCE Vulnerability
scroll to zoom · drag to pan · click IOC to open