Overview
- Sysdig reported that exploitation began about 36 hours after the advisory was indexed on April 24, describing the activity as a targeted schema probe rather than a confirmed breach.
- The bug lets an unauthenticated request with a crafted Authorization header reach a vulnerable key‑check query and read or change the LiteLLM proxy database.
- Affected releases are versions 1.81.16 through 1.83.6, and maintainers fixed the issue in version 1.83.7 by switching to parameterized queries.
- Researchers saw precise queries against tables that hold API keys and configuration data, along with column and schema enumeration in a two‑phase operation using rotated IP addresses.
- Maintainers urge immediate upgrading or the disable_error_logs workaround, and operators should rotate all stored keys because rows can include high‑value OpenAI, Anthropic, and AWS Bedrock credentials.
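The two points above that matter most to an operator are the nature of the fix (a key-check query that splices the Authorization header value into SQL text versus one that binds it as a parameter) and the shape of the activity Sysdig described (schema enumeration followed by reads of key and configuration tables, split across IP addresses). The following added example, written for this page and not taken from LiteLLM, Sysdig, or the advisory, shows both in Python (the language LiteLLM is written in). The `virtual_keys` and `proxy_config` table names, their columns, the `KNOWN_APP_STATEMENTS` allowlist, and the statement-log line format are all assumptions made for the example; the log lines and keys are constructed, not real telemetry.

```python
import sqlite3
from collections import defaultdict

# ---- Part 1: the key-check query, 'before' and 'after' ----
# Constructed in-memory stand-in for a proxy key table. Table and column names
# are assumptions for this example, not LiteLLM's real schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, team TEXT, upstream_secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO virtual_keys VALUES (?, ?, ?)",
        [
            ("sk-team-a-0001", "team-a", "CONSTRUCTED-OPENAI-SECRET"),
            ("sk-team-b-0002", "team-b", "CONSTRUCTED-BEDROCK-SECRET"),
        ],
    )
    return conn


def parse_bearer(header):
    """Return the token from 'Bearer <token>', or None if the header is malformed."""
    scheme, _, token = header.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def lookup_key_concatenated(conn, token):
    """'Before' pattern: the header value is spliced into the SQL text, so quote
    characters inside it change the structure of the query itself."""
    sql = f"SELECT token, team FROM virtual_keys WHERE token = '{token}'"
    return conn.execute(sql).fetchall()


def lookup_key_parameterized(conn, token):
    """'After' pattern (the class of fix the advisory describes): the value is
    bound as a parameter and compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT token, team FROM virtual_keys WHERE token = ?", (token,)
    ).fetchall()


# ---- Part 2: spotting the two-phase pattern in a database statement log ----
# Constructed lines in the shape "<timestamp> <client_ip> <statement>".
SAMPLE_STATEMENT_LOG = [
    "2025-04-26T02:10:01Z 203.0.113.10 SELECT table_name FROM information_schema.tables",
    "2025-04-26T02:10:03Z 203.0.113.10 SELECT column_name FROM information_schema.columns WHERE table_name='virtual_keys'",
    "2025-04-26T02:41:17Z 198.51.100.7 SELECT token, upstream_secret FROM virtual_keys",
    "2025-04-26T02:41:20Z 198.51.100.7 SELECT * FROM proxy_config",
    "2025-04-26T03:00:00Z 192.0.2.55 SELECT token, team FROM virtual_keys WHERE token = ?",
]

# Objects that only a schema probe needs to read.
SCHEMA_SOURCES = ("information_schema.", "pg_catalog.", "sqlite_master")
# Tables whose rows hold keys or configuration (assumed names).
SENSITIVE_TABLES = ("virtual_keys", "proxy_config")
# Allowlist of the application's own query shapes, whitespace-normalized (assumed).
KNOWN_APP_STATEMENTS = {
    "select token, team from virtual_keys where token = ?",
}


def classify_statement(sql):
    """Return 'enumerate', 'harvest', or None for a single logged statement."""
    norm = " ".join(sql.lower().split())
    if any(src in norm for src in SCHEMA_SOURCES):
        return "enumerate"
    if norm in KNOWN_APP_STATEMENTS:
        return None
    if any(tbl in norm for tbl in SENSITIVE_TABLES):
        return "harvest"
    return None


def flag_enumeration(lines):
    """Group statements by client IP and report which phases each IP performed.
    The enumerate and harvest phases landing on different IPs is the rotation
    pattern the report describes. Returns {ip: sorted list of phases}."""
    phases = defaultdict(set)
    for line in lines:
        _, ip, sql = line.split(" ", 2)
        phase = classify_statement(sql)
        if phase:
            phases[ip].add(phase)
    return {ip: sorted(seen) for ip, seen in phases.items()}


if __name__ == "__main__":
    conn = build_db()
    token = parse_bearer("Bearer ' OR '1'='1")
    print("concatenated:  ", lookup_key_concatenated(conn, token))
    print("parameterized: ", lookup_key_parameterized(conn, token))
    print("flagged IPs:   ", flag_enumeration(SAMPLE_STATEMENT_LOG))
```

Run stand-alone, the concatenated lookup returns every row for a header value that contains quote characters, while the parameterized lookup returns nothing for the same value and matches only an exact token; that difference is the whole of the fix. The log scan separates the enumeration phase from the key-table reads by source address, which is the signal to pivot from "probe" to "rotate every stored upstream credential" as the last bullet advises.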