Listen to this Post
How the mentioned CVE works:
The vulnerability exists in a database query used during proxy API key checks. The proxy receives an API key via the Authorization header. Instead of using a parameterized query, the caller-supplied key value is directly concatenated into the SQL query text. This occurs within an error-handling path when the proxy processes requests to LLM API routes like POST /chat/completions. An unauthenticated attacker can craft a malicious Authorization header containing SQL syntax. When the proxy attempts to validate the key, the malformed input leads to the vulnerable query being executed. Because the input is embedded without sanitization or parameterization, the attacker can inject arbitrary SQL commands. The query runs against the proxy’s internal database, which stores API keys, credentials, and configuration data. Successful injection allows reading sensitive records, and potentially issuing UPDATE, INSERT, or DELETE statements. This can result in full compromise of the proxy’s data and the credentials it manages. The attack requires no prior authentication, as the vulnerable code path is triggered before key validation completes. The issue was fixed by changing the code to pass the caller-supplied value as a separate parameter, eliminating injection. The patch version is 1.83.7. A workaround disables the error-logging feature that leads to the vulnerable query path.
dailycve form:
Platform: LLM Proxy
Version: before 1.83.7
Vulnerability: SQL Injection
Severity: Critical
date: 2026-04-24
Prediction: 2026-04-25
What Undercode Say:
Analytics
Log analysis to detect exploitation attempts
grep -E "Authorization:.'|--|;|SELECT|UNION" /var/log/proxy/access.log
Monitor for unusual SQL characters in headers
tail -f /var/log/proxy/error.log | grep -i "sql|database"
Count distinct injected patterns
cat access.log | awk -F'"' '/Authorization/ {print $6}' | sort | uniq -c | sort -rn
Exploit:
Example malicious Authorization header
curl -X POST http://target-proxy/chat/completions \
-H "Authorization: Bearer ' OR '1'='1' -- " \
-H "Content-Type: application/json" \
-d '{"model":"gpt-3.5","messages":[{"role":"user","content":"test"}]}'
SQL injection to dump credentials
curl -X POST http://target-proxy/chat/completions \
-H "Authorization: Bearer ' UNION SELECT username,password FROM api_keys -- " \
...
Protection from this CVE
- Upgrade to version 1.83.7 or later immediately.
- If upgrade not possible, set `disable_error_logs: true` in
general_settings. - Use a Web Application Firewall (WAF) to block SQL metacharacters in headers.
- Apply network segmentation to limit database exposure.
- Regularly rotate API keys and credentials stored in the proxy.
Impact
- Unauthenticated attackers can read the proxy’s database, including stored API keys and credentials.
- Attackers may modify database contents, leading to privilege escalation.
- Compromised proxy can be used to access backend LLM services and other integrated systems.
- Loss of confidentiality, integrity, and availability of the proxy’s managed secrets.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

