尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the `/mcp-rest/test/connection` endpoint with controlled parameters, resulting in arbitrary command execution on the server. When combined with an authentication bypass technique—such as the Starlette BadHost flaw (CVE-2026-48710)—an unauthenticated attacker can exploit the chain to execute commands as the server process. Exploitation allows an attacker to spawn processes with the privileges of the LiteLLM server, potentially leading to complete compromise of the host. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-42271.yaml | POC详情 |
未找到公开 POC。
登录以生成 AI POC| CVE-2026-42203 | LiteLLM 安全漏洞 | |
| CVE-2026-42208 | LiteLLM SQL注入漏洞 |
暂无评论