The litellm supply chain attack: how MCP servers got compromised and how to check if you're affected

On March 24, 2026, litellm versions 1.82.7 and 1.82.8 were published to PyPI with malicious code. 97 million monthly downloads. No corresponding GitHub tag or release. The maintainer account was likely fully compromised. The vector Not setup.py. Not import hooks. A .pth file. Python executes .pth files on every interpreter startup when the package is installed. No import needed. Just pip install litellm and every Python process on your machine runs the payload. The attack was found by accident. The .pth uses subprocess.Popen to spawn a new Python process, but since .pth triggers on every interpreter startup, the subprocess re-triggers itself. Fork bomb. Callum McMahon was using an MCP plugin in Cursor that pulled litellm as a transitive dependency. The fork bomb consumed all RAM and crashed the machine. Without that bug, it could have run for weeks. How it spread through MCP MCP clients like Cursor, Claude Desktop, and VS Code launch MCP servers with package executors like uvx and npx

The litellm supply chain attack: how MCP servers got compromised and how to check if you're affected

Related Articles

Tutorials Are Lying to You Here’s What Actually Works ?

Flutter Mistakes That Make Apps Slow ⚡

Welcome Thread - v370

How to Calculate Your Final Grade When the Syllabus Uses Weighted Categories

How Word Scramble Solvers Use the Same Algorithm as Spell Checkers

Related Articles

How-To
Tutorials Are Lying to You Here’s What Actually Works ?
Medium Programming • 51m ago

How-To
Flutter Mistakes That Make Apps Slow ⚡
Medium Programming • 1h ago

How-To
Welcome Thread - v370
Dev.to • 1h ago

How-To
How to Calculate Your Final Grade When the Syllabus Uses Weighted Categories
Dev.to Beginners • 1h ago

How-To
How Word Scramble Solvers Use the Same Algorithm as Spell Checkers
Dev.to Beginners • 1h ago