CVE-2026-42208 affects BerriAI LiteLLM and permits SQL injection attacks against the proxy database, enabling unauthorized data exfiltration and modification of stored credentials. Attack surface includes the proxy's database layer, where an adversary can extract authentication material and establish lateral access to systems leveraging managed credentials. The vulnerability was indexed by CISA on the Known Exploited Vulnerabilities catalog, indicating active exploitation conditions in operational environments. Immediate patching is required for all LiteLLM deployments handling production credential material.