LiteLLM’s open-source AI gateway is affected by two chained critical vulnerabilities (CVSS 9.8) that together enable unauthenticated remote code execution: CVE-2026-42271, an OS command injection flaw in the LiteLLM gateway, chains with CVE-2026-48710, a Host Header bypass in the underlying Starlette ASGI framework. Active exploitation has been confirmed by Horizon3.ai. Any organization running LiteLLM as an internet-accessible AI proxy faces the risk of full server compromise and exposure of all AI API keys configured in the gateway environment.

Author

Tech Jacks Solutions