LiteLLM v1.82.8 Compromise Uses .pth File for Persistent Execution

Compromise Details

LiteLLM versions 1.82.7 and 1.82.8 were compromised on PyPI last week. The v1.82.8 payload is particularly concerning because it uses a .pth file in site-packages that executes arbitrary code on every Python process startup.

Python's site.py processes .pth files at interpreter startup, and any line starting with 'import' is executed. This means the malicious code runs even if you have LiteLLM installed as a transitive dependency and never import or use it directly.

Impact and Distribution

According to Wiz data, LiteLLM is present in 36% of cloud environments as a transitive dependency. It gets pulled in by:

• AI agent frameworks
• MCP servers
• LLM orchestration tools

Response and Hardening

The source includes a hardening guide covering this specific vulnerability and nine other measures related to the broader TeamPCP supply chain campaign. The Python/AI engineer quick start section outlines three immediate actions to take this week.

For detailed mitigation steps and the full hardening guide, refer to the advisory at: https://raxe.ai/labs/advisories/RAXE-2026-045