VDB

GCVE-110-NCSC-2026-171

GCVE-110-NCSC-2026-171
Advisory PublishedCVSS 6.5/10
Vulnetix · Advisory published May 29, 2026
Starlette versions before 1.0.1 did not validate the HTTP Host header when reconstructing request URLs, allowing attackers to inject paths and potentially bypass authentication based on the reconstructed URL path.

Weaknesses (CWE)

CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Risk Scores

CVSS 3.1
6.5/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
Kludexvers:unknown/*

References

advisory
advisory
advisory
advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›