3 min read
News Brief CISA added CVE-2026-42271 to its Known Exploited Vulnerabilities catalog after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette authentication bypass to achieve unauthenticated RCE on AI gateway deployments. Federal agencies have until June 22 to patch.