Advisories for Pypi/Semantic-Router package

2026

semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin

semantic-router versions 0.1.8 through 0.1.14 declare litellm>=1.61.3 with no upper bound. During the window in which litellm==1.82.8 was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel. The malicious litellm==1.82.8 wheel ships a litellm_init.pth file that executes on Python interpreter startup — no import required. It collects and exfiltrates: process environment variables, AWS / GCP / Azure credentials, SSH keys, …