A critical pre-authentication SQL injection (CVSS 9.3) in LiteLLM — an open-source AI request gateway with 22,000+ GitHub stars used to route calls to OpenAI, Anthropic, and other providers — was actively exploited roughly 26 hours after its GitHub advisory was indexed, per Sysdig's threat research team. The flaw in proxy API key verification (versions 1.81.16–1.83.6, patched in v1.83.7 on April 19) lets unauthenticated attackers enumerate the proxy database containing upstream provider credentials, virtual API keys, and proxy configuration. Sysdig observed deliberate, apparently customized schema enumeration but found no confirmed credential exfiltration. Users on affected versions should upgrade immediately and rotate all stored credentials.
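To act on the affected range stated above, this added example (not code from LiteLLM or Sysdig) audits a requirements file for exact `litellm` pins in 1.81.16 through 1.83.6. The sample file, the `litellm-helper` package name and all function names are constructed for illustration, and ignoring version suffixes such as `rc1` or `.post1` is an assumption.

```python
import re

# Affected range as stated in the summary above (inclusive on both ends).
FIRST_AFFECTED, LAST_AFFECTED = (1, 81, 16), (1, 83, 6)

# "litellm", optional extras, optional operator + dotted numeric version.
# The lookahead rejects other distributions such as "litellm-helper".
LINE_RE = re.compile(
    r"^\s*litellm(?![\w.-])(?:\[[^\]]*\])?\s*"
    r"(?:(?P<op>===|==|~=|!=|<=|>=|<|>)\s*(?P<ver>\d+(?:\.\d+)*))?",
    re.IGNORECASE,
)

def parse_version(text):
    """First three numeric components, zero-padded; suffixes ignored (assumption)."""
    nums = [int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version):
    in_range = FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED
    return "affected" if in_range else "outside affected range"

def audit_requirements(text):
    """Return (line number, line, status) for every litellm requirement line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        if m.group("op") in ("==", "===") and m.group("ver"):
            status = classify(m.group("ver"))
        else:
            # Ranges and bare names say nothing about what was actually installed.
            status = "unpinned: check the resolved version"
        findings.append((lineno, line.strip(), status))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
litellm[proxy]==1.82.3
litellm==1.83.7
litellm-helper==0.1.0
litellm>=1.80
litellm==1.81.15
"""

if __name__ == "__main__":
    for lineno, line, status in audit_requirements(SAMPLE):
        print(f"line {lineno}: {line} -> {status}")
```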