Two chained critical vulnerabilities in the LiteLLM AI gateway and Python SDK allow unauthenticated attackers to execute arbitrary code on the host; no credentials are required. Active exploitation is confirmed in the wild. Treat any internet-exposed LiteLLM instance as a critical emergency: restrict access immediately, rotate all API keys and model provider credentials, and prioritize patching before restoring service.

Author

Tech Jacks Solutions