LiteLLM v1.82.8 Compromise Uses .pth File for Persistent Execution

Compromise Details
LiteLLM versions 1.82.7 and 1.82.8 were compromised on PyPI last week. The v1.82.8 payload is particularly concerning because it uses a .pth file in site-packages that executes arbitrary code on every Python process startup.
Python's site.py processes .pth files at interpreter startup, and any line starting with 'import' is executed. This means the malicious code runs even if you have LiteLLM installed as a transitive dependency and never import or use it directly.
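A defensive audit that applies the .pth rule described above, added here as an example and not part of the original post or of LiteLLM. It walks the site directories the running interpreter would process and reports every line that site.py would exec() at startup, so each can be checked against the package that dropped it; the sample .pth content in the usage note is constructed.

```python
"""Audit .pth files for executable 'import' lines (defensive scan).

site.py's addpackage() runs any .pth line beginning with "import " or
"import\t" at interpreter startup, so such a line executes even when the
package that installed the .pth file is never imported. Report them.
"""
import os
import site
from pathlib import Path

# Executable-line prefixes exactly as site.py's addpackage() tests them.
EXEC_PREFIXES = ("import ", "import\t")


def executable_pth_lines(text):
    """Return (line_no, line) pairs that site.py would exec() from .pth text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#") or not line.strip():
            continue  # comments and blank lines are skipped by site.py
        if line.startswith(EXEC_PREFIXES):
            hits.append((no, line))
        # any other non-blank line is a path entry and is not executed
    return hits


def scan_dir(directory):
    """Scan one directory; return {pth_path: [(line_no, line), ...]}."""
    findings = {}
    for pth in sorted(Path(directory).glob("*.pth")):
        try:
            text = pth.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: nothing site.py could run either
        hits = executable_pth_lines(text)
        if hits:
            findings[str(pth)] = hits
    return findings


def scan_site_dirs():
    """Scan every site-packages dir this interpreter processes at startup."""
    getter = getattr(site, "getsitepackages", lambda: [])  # absent in old venvs
    dirs = list(getter()) + [site.getusersitepackages()]
    findings = {}
    for d in dirs:
        if os.path.isdir(d):
            findings.update(scan_dir(d))
    return findings


if __name__ == "__main__":
    for path, hits in scan_site_dirs().items():
        for no, line in hits:
            print(f"{path}:{no}: {line}")
```

Legitimate packages (editable installs, some import hooks) also ship executable .pth lines, so treat a hit as something to review against the package's purpose rather than as proof of compromise.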
Impact and Distribution
According to Wiz data, LiteLLM is present in 36% of cloud environments as a transitive dependency. It gets pulled in by:
- AI agent frameworks
- MCP servers
- LLM orchestration tools
Response and Hardening
The source includes a hardening guide covering this specific vulnerability and nine other measures related to the broader TeamPCP supply chain campaign. The Python/AI engineer quick start section outlines three immediate actions to take this week.
For detailed mitigation steps and the full hardening guide, refer to the advisory at: https://raxe.ai/labs/advisories/RAXE-2026-045
Source: r/LocalLLaMA