CVE-2026-42271 is a critical unauthenticated remote code execution vulnerability in LiteLLM Proxy, an open-source LLM API gateway widely deployed in AI/ML pipelines and developer tooling. Researchers report active exploitation and a potential chain with CVE-2026-48710 that bypasses authentication entirely, allowing any attacker with network access to execute arbitrary OS commands on the host. Its EPSS score of 0.608 places it in the 98th percentile for exploitation probability.