CVE-2026-48710
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
Description
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.
INFO
Published Date :
May 26, 2026, 10:16 p.m.
Last Modified :
June 16, 2026, 1:16 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | [email protected] | ||||
| CVSS 3.1 | MEDIUM | [email protected] | ||||
| CVSS 3.1 | MEDIUM | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c |
Solution
- Upgrade Starlette to version 1.0.1 or later.
- Ensure Host header validation is properly configured.
- Use `scope["server"]` for malformed values.
Public PoC/Exploit Available at Github
CVE-2026-48710 has a 17 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-48710.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-48710 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-48710
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
A mostly complete plugin that allows hermes agents to communicate and collaborate across nodes.
Python
None
Python HTML Jupyter Notebook Makefile
None
Dockerfile Python Shell HTML TypeScript CSS
A documentation wiki explaining the internal architecture of NousResearch's Hermes Agent framework — how its tools, memory, skills, multi-agent and gateway systems actually work, mapped to verified source code. English edition.
None
HTML JavaScript
Portainer stack configuration for Honcho AI memory layer (plastic-labs/honcho)
Shell
Modern supply chain security for the npm ecosystem. Static + behavioral analysis that catches what npm audit, Snyk, and Socket miss — obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation.
Makefile Python JavaScript PLpgSQL Go Template Shell
🤖 每日AI工具精选 — 自动更新的AI工具/资源清单,与缪兔AI信息差同步
Pre-deploy static scanner for risky AI agent capabilities. Local-only. No telemetry. No network calls during scan. Redacted output. MIT.
agent cli github-actions mcp security ai-agents crewai langchain pre-deployment static-analysis
Python Dockerfile Shell TypeScript
None
Python Jinja Batchfile Shell
Workspace Repo For HermesAgent Deployed on MacOS
Shell Python Swift
Hermes agent + LLM Wiki + 源代码 完成 Hermes agent wiki
Hermes Agent setup, migration, LightRAG, Telegram, and skill creation guide
Shell
Cathedral-Grade Security for AI Agents. Attack vectors updated daily. Local-first, zero API cost. MIT licensed.
Python
Architecting Efficiency & AI-First Systems | Personal Profile & Portfolio Repository
github-profile profile
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-48710 vulnerability anywhere in the article.
-
TheCyberThrone
CISA adds BerriAI LiteLLM & Check Point Security Gateway to KEV
CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog on June 8, 2026, confirming active exploitation of both. The two entries are CVE-2026-42271 (BerriAI LiteLLM Command Injec ... Read more
-
The Hacker News
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ... Read more
-
CybersecurityNews
Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints
A newly disclosed critical vulnerability, tracked as CVE-2026-48710 and dubbed “BadHost,” is putting thousands of AI-powered applications at risk by enabling authentication bypass through manipulated ... Read more
-
security.nl
Miljoenen AI-agents en -tools kwetsbaar door beveiligingslek in Starlette
Miljoenen AI-agents en -tools bevatten een kwetsbaarheid waardoor aanvallers toegang tot de onderliggende server kunnen krijgen en gegevens kunnen stelen, zo waarschuwen beveiligingsonderzoekers. Het ... Read more
The following table lists the changes that have been made to the
CVE-2026-48710 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Jun. 16, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Added CWE CWE-1289 Added Reference https://access.redhat.com/security/cve/CVE-2026-48710 Added Reference https://badhost.org Added Reference https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6 Added Reference https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr Added Reference https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml Added Reference https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48710.json Added Reference https://www.cve.org/CVERecord?id=CVE-2026-48710 Added Reference https://www.secwest.net/starlette Added Reference https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette -
Initial Analysis by [email protected]
Jun. 03, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Added CPE Configuration OR *cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:* versions from (including) 0.8.3 up to (excluding) 1.0.1 Added Reference Type GitHub, Inc.: https://badhost.org Types: Mitigation, Third Party Advisory Added Reference Type GitHub, Inc.: https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr Types: Vendor Advisory Added Reference Type GitHub, Inc.: https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml Types: Third Party Advisory Added Reference Type GitHub, Inc.: https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette Types: Mitigation, Third Party Advisory Added Reference Type GitHub, Inc.: https://www.secwest.net/starlette Types: Exploit, Mitigation, Third Party Advisory Added Reference Type GitHub, Inc.: https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette Types: Exploit, Mitigation, Third Party Advisory -
New CVE Received by [email protected]
May. 26, 2026
Action Type Old Value New Value Added Description Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Added CWE CWE-444 Added Reference https://badhost.org Added Reference https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6 Added Reference https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr Added Reference https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml Added Reference https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette Added Reference https://www.secwest.net/starlette Added Reference https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette