CVE-2026-42271 is a chained vulnerability in the LiteLLM open-source AI gateway with a CVSS base score of 9.0 and an EPSS score at the 98.9th percentile, meaning real-world exploitation is assessed as highly likely. A low-privilege authenticated user can escalate to full administrative control and execute arbitrary code on the LiteLLM host server, exposing all LLM provider API keys (OpenAI, Anthropic, and others) and the complete content of every AI prompt and response processed through the gateway. A separate supply chain compromise disclosed by LiteLLM in March 2026 compounds the risk.