答案已發布4 天前Last edited 4 天前27 個來源

【關鍵漏洞警報】AI 閘道 LiteLLM 與框架 Starlette 雙漏洞串連，造就滿分遠端代碼執行危機

LiteLLM 的 MCP 測試端點存在命令注入漏洞 (CVE 2026 42271)，允許任何持有 API 金鑰的用戶在主機上執行任意指令。 Starlette 框架的「BadHost」漏洞 (CVE 2026 48710) 則讓駭客透過竄改 Host 標頭，徹底繞過 API 金鑰的身分驗證機制。

使用 Studio Global AI 搜尋並查證事實瀏覽更多熱門頁面

124K0

Abstract visual of a glowing AI gateway server being breached by a chain of two interconnected vulnerabilities, representing an active cybersecurity threat. — What is the critical LiteLLM AI gateway command injection flaw (CVE-2026-42271, CVSS 8.7) that CISA has added to its Known Exploited VulneraA chained exploit combining command injection and a host-header bypass transforms the LiteLLM AI gateway into an unauthenticated remote code execution target, earning a maximum CVSS 10.0 severity rating.
AI 提示詞
Create a landscape editorial hero image for this Studio Global article: What is the critical LiteLLM AI gateway command injection flaw (CVE-2026-42271, CVSS 8.7) that CISA has added to its Known Exploited Vulnera. Article summary: Here is the full breakdown of this critical vulnerability chain.. Topic tags: general, government, general web, user generated, documentation. Reference image context from search candidates: Reference image 1: visual subject "[CVE-2026-42271 — BerriAI LiteLLM Command Injection Vulnerability →](https://securityonline.info/cve-watchtower/?cve_detail=CVE-2026-42271) [CVE-2026-50751 — Check Point Security G" source context "CISA Active Exploit Catalog Adds Critical Gateway Flaws" Reference image 2: visual subject "Cybersecurity control dashboard highlighting known exploited vulnerabilities and command injection attack alerts." source context "CISA KEV Update: Explo
openai.com

如果你以為把 API 金鑰鎖在閘道裡就萬無一失，那近期資安圈投下的這枚震撼彈，可能會徹底顛覆你的認知。美國網路安全暨基礎設施安全局（CISA）近日正式將 CVE-2026-42271 列入「已知遭利用漏洞目錄」（Known Exploited Vulnerabilities, KEV），主因是名為 LiteLLM 的廣受歡迎的 AI 閘道，竟藏著致命的命令注入漏洞。

更駭人的是，這個原本只給 8.7 分的漏洞，被研究人員發現在搭配另一個藏身於 Python 底層框架的「BadHost」漏洞後，竟能串連成 不需要任何帳號密碼的遠端程式碼執行（RCE） 攻擊，CVSS 風險評級直接爆錶至滿分 10.0 。

這意味著，你部署在雲端、用來對接 OpenAI 或 Anthropic 等數十種大型語言模型（LLM）的流量中樞，很可能早已變成駭客任意進出的「數位提款機」。

第一個缺口：形同虛設的測試端點

LiteLLM 是一個開源的代理伺服器，扮演著應用程式與各大語言模型提供者之間的閘道角色。為了讓開發者更方便，LiteLLM 提供了兩個專門「預覽」MCP 伺服器設定的端點：

```
POST /mcp-rest/test/connection
```

Studio Global AI

Search, cite, and publish your own answer

Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.

使用 Studio Global AI 搜尋並查證事實

大家也會問