3 min read
Vulnerabilities CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.
CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.