VDB
GCVE-110-NCSC-2026-171
GCVE-110-NCSC-2026-171
Advisory PublishedCVSS 6.5/10
Starlette versions before 1.0.1 did not validate the HTTP Host header when reconstructing request URLs, allowing attackers to inject paths and potentially bypass authentication based on the reconstructed URL path.
Weaknesses (CWE)
CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Risk Scores
CVSS 3.1
6.5/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Kludex | vers:unknown/* | — | — |
Aliases
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.