CVE-2026-48710
CVE-2026-48710, also known as BadHost, is a vulnerability in Starlette versions prior to 1.0.1. A lack of input sanitization on the Host header in Starlette allows authentication to be bypassed with a single character across a large swath of Python LLM infrastructure, including very large and prominent projects such as FastAPI, LiteLLM, vLLM, text generation inference projects, most OpenAI shim proxies, MCP servers, agent harnesses, eval dashboards, and model-management UIs. In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path (the ASGI scope path) while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on request.url, rather than on the raw scope path, could therefore be bypassed. A successful attacker could exploit BadHost to gain access to sensitive data and exfiltrate credentials used by third-party accounts.
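The defensive pattern the description implies, as an added Python illustration that is not Starlette's own code: reject a syntactically invalid Host header before anything rebuilds request.url, and make the authorization decision on the raw ASGI scope path, which is the value the router actually matched. The host regex, the protected-path prefix, the bearer token and the minimal scope builder are assumptions chosen for this example.

```python
import re
from typing import Optional

# Simplified RFC 3986 authority: a reg-name or IPv4 host, or a bracketed IPv6
# literal, each with an optional :port. Anything else (a "/", "?", "#", "@",
# whitespace or control characters) fails the match and the request is refused.
_HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?|\[[0-9A-Fa-f:.]+\])"
    r"(?::\d{1,5})?$"
)

# Constructed example secret; a real deployment loads its own.
_EXPECTED_TOKEN = "constructed-demo-token"


def host_header_is_valid(host: str) -> bool:
    """True only if the Host value is syntactically an authority."""
    return bool(_HOST_RE.match(host))


def _header(scope: dict, name: bytes) -> Optional[str]:
    """Fetch one header from the ASGI scope (case-insensitive name)."""
    for key, value in scope.get("headers", []):
        if key.lower() == name:
            return value.decode("latin-1")
    return None


def is_protected(scope: dict) -> bool:
    # Decide on scope["path"], the path the router itself used, never on a
    # URL reconstructed from client-controlled headers.
    return scope["path"].startswith("/admin")


def guard(scope: dict) -> int:
    """Return the HTTP status an auth middleware would answer with."""
    host = _header(scope, b"host")
    if host is None or not host_header_is_valid(host):
        return 400  # refuse before anything can rebuild request.url from it
    expected = f"Bearer {_EXPECTED_TOKEN}"
    if is_protected(scope) and _header(scope, b"authorization") != expected:
        return 401
    return 200


def make_scope(path: str, host: str, token: Optional[str] = None) -> dict:
    """Build a minimal constructed ASGI scope for the examples."""
    headers = [(b"host", host.encode("latin-1"))]
    if token:
        headers.append((b"authorization", f"Bearer {token}".encode()))
    return {"type": "http", "scheme": "http", "path": path, "headers": headers}
```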
EPSS 0.04% · 14.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Starlette | Starlette framework, including projects and frameworks relying on Starlette | prior to 1.0.1 |
Timeline
- May 26, 2026 CVE Published
- May 27, 2026 EPSS Score
- May 28, 2026 EPSS Score
- May 28, 2026 Coalition ESS Score
- May 29, 2026 EPSS Score
- May 30, 2026 EPSS Score
- May 31, 2026 EPSS Score
- Jun 1, 2026 EPSS Score
- Jun 3, 2026 CVE Updated
- Jun 5, 2026 Security Advisory
References
- https://ccb.belgium.be/advisories/warning-vulnerability-starlette-framework-and-related-frameworks-fastapi-exposes (advisory)
- https://badhost.org/ (vendor)
- https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr (vendor)
- https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/ (technical)
- https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/ (technical)
- https://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/ (technical)