CVE-2026-42208: Targeted SQL injection against LiteLLM's authentication path discovered 36 hours following vulnerability disclosure

A critical pre-auth SQL injection (CVE-2026-42208) in LiteLLM allowed unauthenticated attackers to run arbitrary SELECT queries against its PostgreSQL backend, exposing virtual API keys, stored provider credentials, and environment variables; targeted schema-enumeration attempts were observed from two IPs 36 hours after disclosure—operators should update to v1.83.7, rotate keys, restrict access, and monitor for the listed IOCs.