Back to Intelligence

CISA KEV Flash: 2 CVEs Added — BerriAI & Ivanti Under Active Attack

SA
Security Arsenal Team
May 14, 2026
7 min read

CISA has added two new vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog between 2026-05-07 and 2026-05-08. Both vulnerabilities are being actively exploited in the wild to compromise enterprise infrastructure.

CVE-2026-42208 | BerriAI LiteLLM | CRITICAL

  • Vulnerability: SQL Injection (SQLi)
  • Exploitation Method: Attackers are sending malicious payloads to the LiteLLM proxy interface, allowing them to read sensitive data (API keys, model configurations) from the backend database and potentially modify data or achieve remote code execution (RCE) via database chain reactions.
  • Threat Actors: Currently associated with initial access brokers targeting AI/ML infrastructure. No specific ransomware family claimed yet, but the access is being sold on underground forums.
  • CVSS Score: 9.8 (Critical)
  • Public PoC: Unconfirmed (Exploitation appears targeted).
  • CISA Action: Apply vendor updates or discontinue use of the product if unsupported. Federal agencies have 21 days to remediate per Binding Operational Directive (BOD) 23-01.

CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) | HIGH

  • Vulnerability: Improper Input Validation (Authentication Bypass / Privilege Escalation)
  • Exploitation Method: A remotely authenticated user can send crafted requests to the management interface to escalate privileges to Administrator. This allows full control over managed mobile devices, including data exfiltration and remote wiping.
  • Threat Actors: Suspected state-sponsored activity and ransomware affiliates (e.g., clonings of past Ivanti campaigns).
  • CVSS Score: 8.8 (High)
  • Public PoC: No public PoC available, but exploitation logic is circulating in private exploit kits.
  • CISA Action: Patch immediately. Restrict management interface access to trusted internal networks only until patched. Federal deadline: 21 days.

Affected Organizations Assessment

BerriAI LiteLLM (CVE-2026-42208)

  • Exposed Environments: Organizations utilizing Large Language Models (LLMs) in production. Specifically, DevOps teams, AI startups, and enterprises running self-hosted LiteLLM proxies to manage API token aggregation and cost tracking.
  • Exposure Scale: High. LiteLLM is a standard "glue" layer in modern AI stacks. Many instances are exposed publicly on port 4000 or 8000 without strict WAF protection, assuming obscurity provides security.
  • Targeted Sectors: Technology, Financial Services (FinOps utilizing AI), and Healthcare (AI diagnostics).

Ivanti Endpoint Manager Mobile (CVE-2026-6973)

  • Exposed Environments: Enterprises managing fleets of mobile devices (iOS/Android) via on-premises Ivanti EPMM (formerly MobileIron) servers.
  • Exposure Scale: Medium-High. Legacy on-prem MDM deployments are common in regulated industries and government sectors that cannot move to the cloud.
  • Targeted Sectors: Government, Healthcare, and Manufacturing. Ivanti products are historically favorites for ransomware gangs seeking initial access into segmented networks via mobile management tunnels.

Detection Engineering

YAML
---
title: Potential SQL Injection in BerriAI LiteLLM
id: d5b8f6a2-1234-5678-9abc-def456789012
description: Detects potential SQL injection attempts against BerriAI LiteLLM proxy endpoints by identifying common SQL syntax in URI query strings.
status: experimental
date: 2026/05/08
author: Security Arsenal
references:
    - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
logsource:
    category: webserver
detection:
    selection:
        cs-method|contains: 'POST'
        c-uri|contains:
            - '/chat/completions'
            - '/key/generate'
    filter:
        sc-status:
            - 200
            - 500
    keywords:
        c-uri-query|contains:
            - 'UNION SELECT'
            - 'OR 1=1'
            - 'DROP TABLE'
            - 'information_schema'
            - 'WAITFOR DELAY'
            - 'SLEEP('
    condition: selection and filter and keywords
falsepositives:
    - Legitimate testing with SQL-like strings in prompts (rare)
level: critical
tags:
    - attack.initial_access
    - attack.t1190
    - cve.2026.42208
    - berriai
---
title: Ivanti EPMM Privilege Escalation via Admin Modification
id: e9c7a1b3-9876-5432-10dc-fed987654321
description: Detects potential exploitation of CVE-2026-6973 where a low-privileged user grants themselves admin rights or modifies admin configurations in Ivanti EPMM.
status: experimental
date: 2026/05/07
author: Security Arsenal
references:
    - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
logsource:
    product: ivanti epmm
    service: audit
detection:
    selection:
        EventID|contains:
            - 'USER_UPDATE'
            - 'ROLE_ASSIGNMENT'
    filter_legit_admin:
        src_user|contains:
            - 'admin'
            - 'service_account'
    escalation:
        new_role|contains:
            - 'Super Admin'
            - 'Global Admin'
    condition: selection and not filter_legit_admin and escalation
falsepositives:
    - Legitimate administrative actions performed by non-admin accounts during delegated management tasks
level: high
tags:
    - attack.privilege_escalation
    - attack.t1078
    - cve.2026.6973
    - ivanti


kql
// Hunt for LiteLLM SQL Injection Signs (Web Proxy/ Firewall Logs)
// Look for SQL syntax in query parameters targeting LiteLLM paths
let SqlKeywords = dynamic(["UNION", "SELECT", "INSERT", "DROP", "UPDATE", "DELETE", "SHUTDOWN", "WAITFOR", "SLEEP", "BENCHMARK", "1=1", "2=2", "--", "/*", "*/"]);
let LiteLLMPaths = dynamic(["/chat/completions", "/completions", "/key/generate", "/model/list"]);
DeviceNetworkEvents
| where ActionType in ("ConnectionAllowed", "ConnectionSuccess")
| where RemoteUrl has_any (LiteLLMPaths)
| parse RemoteUrl with Protocol "://" Host "/" Path "/" Query "/" 
| extend QueryString = iff(isempty(Query), Path, strcat(Path, "?", Query))
| where QueryString has_any (SqlKeywords)
| project Timestamp, DeviceName, RemoteUrl, InitiatingProcessAccountName, QueryString
| summarize count() by bin(Timestamp, 1h), DeviceName, RemoteUrl

// Hunt for Ivanti EPMM Suspicious Administrative Activity
// Check for user role changes or admin creation from non-standard IPs or users
SecurityEvent
| where EventID == 4672 or EventID == 4728 or EventID == 4732 // Privilege use or Group Member Added
| where SubjectUserName != "admin" and SubjectUserName != "Administrator"
| where TargetUserName contains "Admin" or GroupName contains "Admin"
| project Timestamp, Computer, SubjectUserName, TargetUserName, GroupName, IpAddress
| sort by Timestamp desc


powershell
# Remediation & Inventory Script for CVE-2026-42208 (BerriAI LiteLLM) & CVE-2026-6973 (Ivanti EPMM)
# Requires Administrative Privileges

Write-Host "Starting Security Arsenal Vulnerability Scan..." -ForegroundColor Cyan

# 1. Check for BerriAI LiteLLM (Docker/Container check)
Write-Host "\n[1] Checking for BerriAI LiteLLM Containers..." -ForegroundColor Yellow
$dockerCmd = Get-Command docker -ErrorAction SilentlyContinue
if ($dockerCmd) {
    $containers = docker ps --format "{{.ID}}\t{{.Image}}\t{{.Ports}}" 2>$null
    if ($containers) {
        $liteLLMFound = $false
        foreach ($line in $containers) {
            if ($line -match "litellm" -or $line -match "berri") {
                Write-Host "[!] POTENTIAL VULNERABILITY FOUND: LiteLLM Container Running." -ForegroundColor Red
                Write-Host $line
                $liteLLMFound = $true
            }
        }
        if (-not $liteLLMFound) { Write-Host "[+] No LiteLLM containers found." -ForegroundColor Green }
    }
} else {
    Write-Host "[-] Docker not found." -ForegroundColor Gray
}

# 2. Check for Ivanti Endpoint Manager Mobile (EPMM) Service
Write-Host "\n[2] Checking for Ivanti EPMM Services..." -ForegroundColor Yellow
$ivantiService = Get-Service -Name "MCS*" -ErrorAction SilentlyContinue # MCS is commonly associated with MobileIron/EPMM
if ($ivantiService) {
    foreach ($svc in $ivantiService) {
        Write-Host "[!] POTENTIAL VULNERABILITY FOUND: Ivanti Service Detected." -ForegroundColor Red
        Write-Host "Service Name: $($svc.Name)"
        Write-Host "Status: $($svc.Status)"
        Write-Host "Path: $($svc.PathName)"
        
        # Attempt to get version info from file path if available
        $pathExe = $svc.PathName -replace '"', ''
        if (Test-Path $pathExe) {
            $versionInfo = (Get-Item $pathExe).VersionInfo
            Write-Host "File Version: $($versionInfo.FileVersion)"
            Write-Host "Action Required: Verify this version is patched against CVE-2026-6973."
        }
    }
} else {
    Write-Host "[+] No Ivanti EPMM services found." -ForegroundColor Green
}

# 3. Validate Firewall Block (Temporary Mitigation for Ivanti)
Write-Host "\n[3] Checking Firewall Rules (Ivanti Mitigation Check)..." -ForegroundColor Yellow
# Note: This is a generic check. Specific rule names vary.
$fwBlock = Get-NetFirewallRule | Where-Object { $_.DisplayName -like "*MobileIron*" -or $_.DisplayName -like "*Ivanti*" } | Select-Object DisplayName, Enabled
if ($fwBlock) {
    Write-Host "Found existing firewall rules for Ivanti:" -ForegroundColor Cyan
    $fwBlock | Format-Table -AutoSize
} else {
    Write-Host "[!] Warning: No specific firewall rules found restricting Ivanti access." -ForegroundColor Yellow
    Write-Host "Recommendation: Restrict port 443/8081 to known internal subnets only."
}

Write-Host "\nScan Complete." -ForegroundColor Cyan

Patch & Remediation Priorities

Priority 1: CVE-2026-42208 (BerriAI LiteLLM)

  • Risk: Immediate data breach of AI API keys and potential RCE.
  • Action: Update LiteLLM to the latest version immediately. If a specific patch version is not released by the vendor, isolate the instance from the internet immediately.
  • Workaround: If patching is impossible, place the LiteLLM proxy behind a Web Application Firewall (WAF) with strict SQL injection signatures enabled.
  • Advisory: Check the BerriAI GitHub Repository for security releases.

Priority 2: CVE-2026-6973 (Ivanti EPMM)

  • Risk: Complete compromise of mobile device fleet and potential lateral movement.
  • Action: Apply the security patch provided by Ivanti for EPMM.
  • Workaround: Disable internet-facing access to the EPMM management console. Enforce IP allow-listing for administrators.
  • Advisory: Ivanti Security Advisory

CISA Deadlines: Federal Civilian Executive Branch (FCEB) agencies must remediate these vulnerabilities by 2026-05-29 per BOD 23-01. Private sector entities should adhere to this strict timeline given the confirmed active exploitation.

Related Resources

Security Arsenal Penetration Testing Managed SOC & MDR AlertMonitor Platform From The Dark Side Intel Hub

darkwebcisa-kevactively-exploitedransomwarecve-2026-42208cve-2026-6973berriaiivanti

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action