CISA added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog on June 8, 2026. The announcement covers CVE-2026-42271, a flaw in BerriAI’s LiteLLM AI gateway, and CVE-2026-50751, affecting Check Point Security Gateway VPN products. Both are under active attack, according to the agency. Federal agencies must remediate within a three-week deadline, but every Windows admin should treat this as an emergency.

These CVEs join a growing list of exploited flaws that put enterprise infrastructure at risk. LiteLLM is a widely used proxy for managing large language model (LLM) requests on Windows servers. Check Point VPN gateways secure remote access for countless distributed teams. A compromise in either product hands attackers broad network access or sensitive AI data. The time between disclosure and active exploitation has again shrunk to near zero.

CVE-2026-42271: LiteLLM AI Gateway Vulnerability

BerriAI’s LiteLLM simplifies API calls to over 100 LLM providers. Developers deploy it on Windows servers to handle authentication, load balancing, and cost tracking for AI services. The software abstracts away provider-specific SDKs. This abstraction layer, however, now carries a dangerous edge.

Details remain sparse. CISA’s KEV entry does not describe the vulnerability’s technical nature. But the fact that threat actors are actively exploiting it points to a pre-auth remote code execution flaw or a severe server-side request forgery bug. In either case, an attacker could take full control of the LiteLLM instance. From there, they could exfiltrate API keys, intercept or manipulate prompts and responses, or pivot deeper into the network. Windows environments running LiteLLM on IIS or as a standalone service face immediate risk.

The AI security community has long warned about supply-chain risks in LLM tooling. A compromised gateway becomes a silent listener. Sensitive data fed to models—from internal documents to customer PII—could flow to an unauthorized third party. Organizations that have not air-gapped their AI middleware must assume breach and begin incident response immediately.

BerriAI issued a fix via a GitHub release. Windows admins should pull the latest container image or update the Python package. A quick version check is essential: any deployment older than the patched release is likely vulnerable. The vendor’s advisory, linked in the CISA catalog, provides the specific version number and upgrade instructions.

CVE-2026-50751: Check Point Security Gateway VPN Weakness

Check Point’s Security Gateway is the backbone of many corporate VPNs. This new vulnerability punches a hole directly into that perimeter defense. The CVE affects gateway appliances, but Windows clients are the primary entry point for users. An exploit could allow an unauthenticated attacker to gain administrative access to the gateway, read VPN session tokens, or even execute arbitrary code on the appliance.

CISA’s inclusion in the KEV catalog confirms active exploitation. Security researchers have observed scanning activity targeting Check Point devices. Initial attack vectors might include exposed administrative interfaces or specially crafted VPN handshake packets. Once inside, attackers can set up rogue VPN profiles, intercept traffic, or move laterally to internal Windows servers and workstations.

For Windows environments, the risk multiplies. Compromised VPN gateways nullify the edge firewall’s protection. Attackers can serve malicious software updates to connecting Windows clients, hijack DNS, or stage man-in-the-middle attacks. Remote employees logging in from home become unwitting vectors. Check Point is urging customers to install the latest Jumbo Hotfix Accumulator. The fix applies to R81.20, R81.10, and R80.40 branches. Windows client VPN software does not require an update, but the gateway patch is mandatory to close the vector.

Three distinct exploitation patterns are emerging from telemetry:
- Credential theft via forged authentication tokens.
- CLI manipulation through unsanitized input to a gateway service.
- Session hijacking using stolen cookie values.

Indicators of compromise include unexpected administrative user creation, outbound connections to unfamiliar IPs, and spikes in VPN authentication failures.
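The three indicators above can be triaged with a few lines of detection logic. The following is an added example, not code from Check Point or CISA: the event format, the admin baseline, the allowlisted networks and the thresholds are all assumptions, and the events are constructed.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

KNOWN_ADMINS = {"admin", "fw-ops"}  # hypothetical baseline of approved admins
ALLOWED_DESTS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]  # hypothetical

# Constructed, pre-normalized gateway events (not Check Point's native log format).
EVENTS = [
    {"ts": "2026-06-09T02:00:10", "type": "vpn_auth_fail", "user": "jdoe"},
    {"ts": "2026-06-09T02:01:02", "type": "vpn_auth_fail", "user": "jdoe"},
    {"ts": "2026-06-09T02:01:40", "type": "vpn_auth_fail", "user": "asmith"},
    {"ts": "2026-06-09T02:03:15", "type": "vpn_auth_fail", "user": "root"},
    {"ts": "2026-06-09T02:04:59", "type": "vpn_auth_fail", "user": "svc"},
    {"ts": "2026-06-09T02:06:00", "type": "admin_created", "user": "support2"},
    {"ts": "2026-06-09T02:07:30", "type": "outbound", "dst": "203.0.113.50"},
    {"ts": "2026-06-09T02:08:00", "type": "outbound", "dst": "10.20.1.5"},
    {"ts": "2026-06-09T09:15:00", "type": "vpn_auth_fail", "user": "jdoe"},
]

def triage(events, fail_threshold=5, bucket_minutes=5):
    """Return (kind, timestamp, detail) alerts for the three listed indicators."""
    alerts = []
    fails = Counter()
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "vpn_auth_fail":
            # Fixed time buckets: simple, but a burst straddling a bucket
            # boundary is split across two counts and may go unflagged.
            start = ts.replace(minute=ts.minute - ts.minute % bucket_minutes, second=0)
            fails[start] += 1
        elif e["type"] == "admin_created" and e["user"] not in KNOWN_ADMINS:
            alerts.append(("new_admin", e["ts"], e["user"]))
        elif e["type"] == "outbound":
            dst = ip_address(e["dst"])
            if not any(dst in net for net in ALLOWED_DESTS):
                alerts.append(("unfamiliar_dest", e["ts"], e["dst"]))
    for start, count in sorted(fails.items()):
        if count >= fail_threshold:
            alerts.append(("auth_fail_spike", start.isoformat(), count))
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

In production the same three checks would run as SIEM rules over the gateway's real log export, with the baseline and allowlist drawn from change-management records.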

The CISA KEV Catalog and What It Means

The Known Exploited Vulnerabilities catalog serves a blunt purpose: tell organizations which flaws need emergency patching, no excuses. Binding Operational Directive 22-01 gives federal civilian agencies a mandatory timeline—typically three weeks—to close each KEV-listed issue. Private enterprises and SMBs should adopt the same aggressive posture. Every day of delay gives attackers time to automate exploits and sell access to ransomware gangs.

Both new CVEs differ from typical KEV entries. One lives in an AI toolchain, a frontier less familiar to traditional network defenders. The other sits in a VPN appliance, a favorite target for state-linked groups. Together they illustrate how the modern attack surface bridges software-defined AI plumbing and decades-old perimeter security.

Security teams must cross-reference the KEV catalog with their asset inventories. For LiteLLM, that means scanning all Windows servers that run Python-based AI services. For Check Point, it means validating that every gateway appliance has the latest Jumbo Hotfix installed. CISA’s catalog page links directly to vendor advisories and detection signatures.
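One way to do that cross-reference, as an added example rather than a CISA or vendor tool: the KEV excerpt uses the field names of CISA's JSON feed but is constructed (its `dueDate` is derived from the three-week deadline), and the inventory, hostnames and function names are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. CVE IDs and dateAdded
# come from the article; dueDate is constructed from its three-week deadline.
KEV_JSON = """{"vulnerabilities": [
  {"cveID": "CVE-2026-42271", "vendorProject": "BerriAI", "product": "LiteLLM",
   "dateAdded": "2026-06-08", "dueDate": "2026-06-29"},
  {"cveID": "CVE-2026-50751", "vendorProject": "Check Point",
   "product": "Security Gateway", "dateAdded": "2026-06-08", "dueDate": "2026-06-29"}
]}"""

# Constructed asset inventory; hostnames and field names are hypothetical.
INVENTORY = [
    {"host": "ai-proxy-01", "vendor": "berriai", "product": "litellm"},
    {"host": "vpn-gw-east", "vendor": "Check Point", "product": "Security Gateway R81.20"},
    {"host": "web-03", "vendor": "Microsoft", "product": "IIS"},
]

def norm(text):
    """Lower-case and drop punctuation/spaces so 'Check Point' == 'checkpoint'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def match_kev(kev, inventory, today):
    """Return one finding per (asset, KEV entry) pair, most urgent first."""
    findings = []
    for asset in inventory:
        for vuln in kev["vulnerabilities"]:
            same_vendor = norm(vuln["vendorProject"]) == norm(asset["vendor"])
            # Inventory product strings often carry a version suffix, so test
            # containment rather than equality.
            same_product = norm(vuln["product"]) in norm(asset["product"])
            if same_vendor and same_product:
                days_left = (date.fromisoformat(vuln["dueDate"]) - today).days
                findings.append({"host": asset["host"], "cve": vuln["cveID"],
                                 "days_left": days_left, "overdue": days_left < 0})
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for finding in match_kev(json.loads(KEV_JSON), INVENTORY, date(2026, 6, 10)):
        print(finding)
```

A match only shows that a KEV-listed product is present on the host; whether that host is actually vulnerable still depends on comparing its installed version with the fixed release named in the vendor advisory.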

Immediate Steps for Windows Administrators

Patching is the first and non-negotiable action. But these active exploits demand a layered response:

- Isolate potentially affected systems. If a LiteLLM server cannot be immediately updated, disable its network access and restrict LLM API calls until the fix is applied.
- Audit Check Point admin accounts. Look for unknown users, especially those created in the last 30 days. Rotate all administrator credentials.
- Monitor for data exfiltration. Because LiteLLM handles API keys and prompt data, check cloud provider audit logs for unusual API usage patterns. For VPN gateways, analyze NetFlow records for large uploads to unknown destinations.
- Apply vendor-provided IOCs. Both BerriAI and Check Point have published Indicators of Compromise. Ingest these into SIEM and endpoint detection tools.
- Review network segmentation. Ensure that VPN gateways and AI infrastructure are not over-privileged. Restrict lateral movement paths from these devices to sensitive internal systems.

Windows-specific detection rules can help. Use PowerShell to query registry keys associated with Check Point VPN client configurations. Inspect IIS logs for anomalous requests to LiteLLM endpoints. Enable enhanced logging on Windows Defender Firewall to catch post-exploitation command-and-control traffic originating from compromised gateways.

The Bigger Picture: AI and Edge Security Merge

These two CVEs landing together is more than coincidence. Enterprises are rushing to deploy AI tools alongside existing infrastructure. A vulnerability in an LLM gateway undermines the data pipeline that feeds business intelligence. A vulnerability in a VPN gateway dismantles the primary defense for remote work. Both create footholds for ransomware, espionage, or data theft.

CISA’s move signals that the agency sees AI middleware as critical infrastructure. Expect more AI-related CVEs to hit the KEV catalog as threat actors weaponize prompt injection, model theft, and API abuse. For now, the message to Windows teams is unambiguous: if you run LiteLLM or Check Point VPN, you are a target today, not tomorrow. Patch before the weekend, and start incident response protocols if you find any sign of compromise.

Vendor advisories and links to the KEV catalog are available on CISA’s website and the respective product support portals. The window for proactive defense is rapidly closing.