The Python package Litellm versions 1.82.7 and 1.82.8 on PyPI have been compromised with malicious code that executes a fork bomb, causing affected systems to run out of RAM. The issue was discovered by a user who noticed abnormal behavior during setup and found a base64-encoded payload in proxy_server.py. This is a critical supply chain attack affecting a popular AI/LLM integration library.
Background
Litellm is a popular open-source library that provides a unified interface to interact with various large language model APIs, widely used in AI application development. PyPI (Python Package Index) is the official repository for Python packages, making such compromises a significant supply chain security threat.
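As an added example (not code from the report or from the litellm project), a defender-side check for the two indicators the report names: the affected version numbers, and an encoded payload that is decoded and executed inside proxy_server.py. The sample source is constructed with a placeholder literal, and the site-packages layout and helper names are assumptions.

```python
import ast
import re
from pathlib import Path

COMPROMISED_VERSIONS = {"1.82.7", "1.82.8"}          # releases named in the report
B64_SHAPED = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")  # long base64-looking literal


def is_compromised_version(ver: str) -> bool:
    """True for the litellm releases the report says were tampered with."""
    return ver.strip() in COMPROMISED_VERSIONS


def _calls(node: ast.AST, names: set) -> bool:
    """Does the subtree under `node` contain a call to any function in `names`?"""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            fn = sub.func
            name = fn.attr if isinstance(fn, ast.Attribute) else getattr(fn, "id", "")
            if name in names:
                return True
    return False


def find_encoded_exec(source: str) -> list:
    """(line, reason) pairs for exec/eval fed by base64 decoding and for
    oversized base64-shaped string literals; the data is never decoded here."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and getattr(node.func, "id", "") in {"exec", "eval"}:
            if any(_calls(arg, {"b64decode", "decodebytes"}) for arg in node.args):
                findings.append((node.lineno, "exec/eval of base64-decoded data"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if B64_SHAPED.fullmatch(node.value):
                findings.append((node.lineno, "long base64-shaped string literal"))
    return findings


def scan_site_packages(site_packages: Path) -> list:
    """Apply the check to every litellm proxy_server.py under site-packages (path assumed)."""
    hits = []
    for path in site_packages.glob("litellm/**/proxy_server.py"):
        for line, reason in find_encoded_exec(path.read_text(encoding="utf-8")):
            hits.append((str(path), line, reason))
    return hits


# Constructed stand-in for a tampered proxy_server.py: the literal is a
# placeholder ("QUFB" repeated), not the real payload, and is never executed.
SAMPLE = "import base64\ndef start():\n    exec(base64.b64decode('" + "QUFB" * 40 + "'))\n"

if __name__ == "__main__":
    for line, reason in find_encoded_exec(SAMPLE):
        print(f"line {line}: {reason}")
```

A match is a reason to pin or roll back to an unaffected release and inspect the flagged lines, not proof of compromise on its own, since long string literals also occur in legitimate code.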
- Source: Hacker News (RSS)
- Published: Mar 24, 2026 at 08:06 PM
- Score: 9.0 / 10