Security Stuff

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure



A critical SQL injection vulnerability in the open source AI gateway LiteLLM was exploited just 36 hours after being indexed in GitHub's advisory database on April 24th. The flaw, rated 9.3 out of 10 in severity, allowed unauthenticated attackers to access database tables containing API keys and provider credentials by sending a specially crafted authorization header during the proxy's key verification process. LiteLLM has released a patched version, and while the attacks were automated and precisely targeted, security firm Sysdig says the extracted credentials have not been abused so far.

Security Stuff
By David