{
  "title": "LiteLLM Python SDK PyPI Hijacking & Cascading Trust Failure",
  "summary": "On March 24, 2026, the popular LiteLLM Python package was compromised on PyPI. Attackers harvested PyPI publishing secrets from LiteLLM's CI/CD runner via a previously backdoored dependency and uploaded malicious versions containing a Python startup-hook payload.",
  "date": "2026-03-24",
  "severity": "critical",
  "tags": [
    "pypi",
    "package-compromise",
    "supply-chain",
    "credential-theft",
    "teampcp",
    "cascading-trust"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "litellm-pypi-hijacking",
    "since": "2026-03-19T08:00:00Z",
    "until": "2026-03-24T23:59:59Z",
    "ecosystem": "pypi, python pypi registry",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [
      "litellm"
    ],
    "versions": [
      "1.82.7",
      "1.82.8"
    ],
    "affectedVersions": [],
    "fixedVersions": [
      "1.83.0"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "www.litellm.ai"
    ],
    "urls": [
      "https://www.litellm.ai"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}