LiteLLM v1.82.8 Compromise Uses .pth File for Persistent Execution

Compromise Details
LiteLLM versions 1.82.7 and 1.82.8 were compromised on PyPI last week. The v1.82.8 payload is particularly concerning because it drops a .pth file into site-packages, and Python executes the code in that file on every interpreter startup, not just when LiteLLM is imported.
At startup, Python's site module reads every .pth file in each site-packages directory. A line is normally treated as an extra sys.path entry, but a line that begins with 'import' followed by a space or tab is passed to exec() instead. That is documented behaviour, not a bug, and it means the malicious line runs in every Python process that uses that site-packages directory, even if LiteLLM is only a transitive dependency that your code never imports. Only interpreters started with -S, which skips the site module entirely, avoid it; -I and -E do not, since -I only disables the user site directory and environment variables.
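To see the mechanism concretely and to check your own interpreters, here is an auditor that reads .pth files exactly as CPython's site.addpackage() does and flags every line it would exec(). This is an added example written for this digest, not code from the advisory, from LiteLLM, or from the compromised package; the sample .pth contents are constructed, and the allowlist of benign import lines is an assumption to tune for your environment.

```python
"""Audit .pth files the way CPython's site.py reads them and flag exec() lines.

Added example for this digest: not code from the advisory, from LiteLLM, or
from the compromised package. Sample .pth contents are constructed, and the
KNOWN_BENIGN allowlist is an assumption to tune for your environment.
"""
import os
import re
import site
import sys

# Constructed sample .pth contents (illustrative only).
SAMPLE_PATH_ONLY_PTH = "/opt/myproject/src\n# a comment at column 0\n\n"
SAMPLE_SETUPTOOLS_PTH = (
    "import os; var = 'SETUPTOOLS_USE_DISTUTILS'; "
    "enabled = os.environ.get(var, 'local') == 'local'; "
    "enabled and __import__('_distutils_hack').add_shim(); \n"
)
SAMPLE_SUSPICIOUS_PTH = (
    "  import not_run  # leading whitespace: site treats this as a path entry\n"
    "import os;exec(\"print('startup hook')\")\n"
)

# Heuristic allowlist (assumption): import lines legitimately shipped by
# setuptools, virtualenv and editable installs.
KNOWN_BENIGN = (
    re.compile(r"_distutils_hack"),        # setuptools distutils-precedence.pth
    re.compile(r"^import _virtualenv"),    # virtualenv's _virtualenv.pth
    re.compile(r"^import __editable___"),  # setuptools editable-install finders
)


def exec_lines(text):
    """Return [(lineno, line)] for every line site.addpackage() would exec().

    Mirrors CPython: '#' at column 0 is a comment, blank lines are skipped,
    a line starting with 'import ' or 'import\\t' is executed, and any other
    line is appended to sys.path as a directory name.
    """
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#") or not line.strip():
            continue
        if line.startswith(("import ", "import\t")):
            found.append((lineno, line.rstrip()))
    return found


def is_known_benign(line):
    return any(p.search(line) for p in KNOWN_BENIGN)


def audit_pth_text(text, name="<memory>"):
    """Classify each exec() line of one .pth as 'benign' or 'suspicious'."""
    return [
        (name, lineno, "benign" if is_known_benign(line) else "suspicious", line)
        for lineno, line in exec_lines(text)
    ]


def site_dirs():
    """Directories whose .pth files site.py processes for this interpreter."""
    dirs = list(site.getsitepackages())
    user = site.getusersitepackages()
    if site.ENABLE_USER_SITE and user:
        dirs.append(user)
    return [d for d in dirs if os.path.isdir(d)]


def audit_site_dirs(dirs):
    """Read every *.pth in the given directories, in the order site.py uses."""
    findings = []
    for d in dirs:
        for fname in sorted(os.listdir(d)):
            if not fname.endswith(".pth"):
                continue
            path = os.path.join(d, fname)
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings.extend(audit_pth_text(fh.read(), path))
    return findings


if __name__ == "__main__":
    results = audit_site_dirs(site_dirs())
    for path, lineno, verdict, line in results:
        print(f"[{verdict}] {path}:{lineno}: {line}")
    sys.exit(1 if any(r[2] == "suspicious" for r in results) else 0)
```

Run it once per interpreter you care about (the system python, each venv's python, any embedded runtime), because site_dirs() is computed for whichever interpreter executes it. Treat the allowlist as triage only: it matches substrings, so a hostile line could embed a benign-looking token, and a flagged file should be compared against the wheel it was installed from rather than trusted on a "benign" verdict. The first line of SAMPLE_SUSPICIOUS_PTH shows the edge case that trips people up: an import line with leading whitespace is not executed at all, it is treated as a path entry.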
Impact and Distribution
According to Wiz data, LiteLLM is present in 36% of cloud environments as a transitive dependency. It gets pulled in by:
- AI agent frameworks
- MCP servers
- LLM orchestration tools
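Because the exposure is transitive, the first question for any environment is whether litellm is installed at all, at which version, and which installed distribution declared it as a dependency. The following is an added example (not from the advisory or the source thread) that answers that with importlib.metadata. The affected-version set is the pair named above, the sample distribution list is constructed, and requirement markers such as extras are deliberately not evaluated, so a reverse dependency declared only under an extra is still reported.

```python
"""Is litellm installed, is it an affected version, and who pulled it in?

Added example for this digest, not code from the advisory or from LiteLLM.
AFFECTED holds the versions named in the write-up; SAMPLE_DISTS is constructed.
"""
import re
from importlib import metadata

AFFECTED = {"1.82.7", "1.82.8"}  # versions named in the write-up
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def canonical(name):
    """PEP 503 normalisation: 'LiteLLM' == 'litellm', 'Foo.Bar_x' == 'foo-bar-x'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req):
    """Project name from a requirement such as "litellm>=1.0; extra == 'x'".

    Markers are ignored on purpose: a dependency that only applies under an
    extra is still a path by which the package can land in an environment.
    """
    m = _NAME_RE.match(req)
    return canonical(m.group(1)) if m else None


def reverse_deps(target, dists):
    """dists: iterable of (name, version, requires); requires is a list of
    requirement strings or None. Returns sorted [(name, version)] of the
    distributions that declare a dependency on target."""
    want = canonical(target)
    return sorted(
        (name, version)
        for name, version, requires in dists
        if any(requirement_name(r) == want for r in (requires or []))
    )


def installed_dists():
    """Adapter over importlib.metadata for the running interpreter."""
    for d in metadata.distributions():
        md = d.metadata
        if not md or "Name" not in md:
            continue  # broken or partial install; nothing to report on
        yield md["Name"], d.version, d.requires


def check_installed(target="litellm", affected=AFFECTED):
    """Return (installed_version_or_None, is_affected_version)."""
    try:
        v = metadata.version(target)
    except metadata.PackageNotFoundError:
        return None, False
    return v, v in affected


# Constructed sample environment (not real package metadata).
SAMPLE_DISTS = [
    ("LiteLLM", "1.82.8", ["openai>=1.0", "httpx"]),
    ("my-agent-framework", "0.4.0", ["litellm>=1.70", "pydantic>=2"]),
    ("some-mcp-server", "2.1.0", ["LiteLLM ; extra == 'llm'", "mcp"]),
    ("unrelated", "1.0", None),
]


if __name__ == "__main__":
    version, hit = check_installed()
    print("litellm:", version or "not installed", "(AFFECTED VERSION)" if hit else "")
    for name, ver in reverse_deps("litellm", installed_dists()):
        print(f"  declared as a dependency by {name} {ver}")
```

As with any per-interpreter check, run it under each Python that matters; a clean result in one venv says nothing about the system interpreter or a container image. A reverse dependency reported under an extra is a lead to follow, not proof that the extra was installed.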
Response and Hardening
The source includes a hardening guide covering this specific technique and nine other measures related to the broader TeamPCP supply chain campaign. Its Python/AI engineer quick-start section outlines three immediate actions to take this week.
For detailed mitigation steps and the full hardening guide, refer to the advisory at: https://raxe.ai/labs/advisories/RAXE-2026-045
📖 Read the full source: r/LocalLLaMA
👀 See Also

mcp-scan: Security scanner for MCP server configurations
mcp-scan checks MCP server configurations for security issues including secrets in config files, known vulnerabilities in packages, suspicious permission patterns, exfiltration vectors, and tool poisoning attacks. It auto-detects configs for Claude Desktop, Cursor, VS Code, Windsurf, and 6 other AI clients.

Malware Found in OpenClaw Community Skills — Crypto Theft Alert

OpenObscure: Open-Source On-Device Privacy Firewall for AI Agents
OpenObscure is an open-source, on-device privacy firewall that sits between AI agents and LLM providers. It uses FF1 Format-Preserving Encryption with AES-256 to encrypt PII values before requests leave your device, maintaining data structure while protecting privacy.

MCP Sandbox: Run MCP Servers in Isolated Containers Without Trusting Them
A developer built MCP Sandbox, which runs MCP servers in isolated gVisor containers with default-deny network access and safe secret injection, plus pre-execution CVE scanning and pattern checking.