A critical vulnerability in BerriAI's LiteLLM, tracked as CVE-2026-42208 with a CVSS score of 9.3, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog [1]. The flaw is a SQL injection in the proxy's API key verification process, and attackers began targeting it just days after its public disclosure at the end of April. Its inclusion in the KEV catalog indicates that it is being actively exploited, highlighting the need for prompt action. The exploitation status of CVE-2026-42208 will determine whether this is a patch-now or monitor situation, so practitioners need to stay informed. What matters most to practitioners is the urgency of addressing this flaw through timely patching and monitoring to prevent further exploitation.