
A critical vulnerability named BadHost affects Starlette, an open source ASGI framework used by FastAPI and many other Python service frameworks. Starlette is widely deployed, with very high download volume, and thousands of dependent projects rely on it. The flaw is tracked as CVE-2026-48710 and is trivial to exploit, especially when systems are not protected by a properly configured firewall. BadHost allows attackers to bypass path-based authorization by injecting a single character into the HTTP Host header. Starlette versions prior to 1.0.1 are affected, and the issue also impacts packages such as vLLM and LiteLLM. Because ASGI-based systems can access MCP servers that store third-party credentials, attackers may steal sensitive data and credentials from connected services.
"A single character injected into the HTTP Host header bypasses path-based authorization in Starlette, the routing core of FastAPI," researchers from Secwest wrote. "Through FastAPI, this primitive (now tracked as CVE-2026-48710 and branded BadHost by the discoverers) reaches a large segment of the Python AI tooling ecosystem: vLLM (where the bug was discovered), LiteLLM, Text G"
"The vulnerability is present in Starlette, an open source framework that its developer says receives 325 million downloads per week. Thousands of other open source projects are also vulnerable because they require Starlette to work. The framework is an implementation of the ASGI (asynchronous server gateway interface), which allows large numbers of requests to be efficiently processed simultaneously."
"ASGI, and by extension Starlette, have access to servers running the MCP (model context protocol), which allows AI agents from major providers to access external sources, including user databases, email and calendar accounts, and all manner of other resources. To connect with these external systems, MCP servers store credentials for each one, making them especially valuable storehouses for attackers to breach."
"BadHost affects Starlette versions prior to 1.0.1, which was released Friday. The vulnerability, tracked as CVE-2026-48710 and under the name BadHost, is trivial to exploit and works against most systems that aren't behind a properly configured firewall. Besides FastAPI, other widely used packages, including vLLM and LiteLLM, are also affected."
Read at Ars Technica