Starlette Patches CVE-2026-48710 Auth Bypass Across 400,000 Dependent Projects

4 articles · Updated · InfoWorld · May 27
  • Starlette 1.0.1 (and later) closes CVE-2026-48710, a flaw that lets an unauthenticated attacker reach protected routes by sending a malformed Host header.
  • A single extra slash, question mark or hash in that header is enough to desynchronize the path Starlette presents to middleware from the path the router actually dispatches; in X41 D-Sec's demo, a request that should draw 403 Forbidden comes back 200 OK.
  • X41 rated the bug 7.0 and Starlette 6.5; X41 argues the downstream risk is higher because affected apps can chain the bypass into SSRF or even remote code execution.
  • Production deployments behind nginx or Apache are usually shielded because the proxy rejects the malformed request first; most exposed are directly reachable FastAPI or Starlette apps, model proxies such as LiteLLM or vLLM, and any code that trusts reconstructed URLs.
  • Exposure reaches well beyond direct Starlette users: FastAPI-based model-serving, gateway, proxy, agent and MCP-server stacks often pull in the framework as a transitive dependency.
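The desynchronization described in the second and fourth bullets, as an added illustration: this is not Starlette's code, not X41 D-Sec's proof of concept, and not a reproduction of the actual CVE-2026-48710 code path. It shows the general pattern the bullets point at: a hypothetical middleware reconstructs an absolute URL by concatenating the Host header onto the request path, then authorizes on the path it gets back from re-parsing that string, while the router dispatches on the raw path. The protected prefix, the sample Host values and all helper names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Hypothetical route prefix guarded by the middleware in this illustration.
PROTECTED_PREFIX = "/admin"


def reconstruct_url(scheme: str, host: str, raw_path: str, query: str = "") -> str:
    """Build an absolute URL by splicing the Host header onto the path.

    This is the pattern under discussion: an untrusted Host value goes
    straight into URL syntax, so a '/', '?' or '#' inside it is later read
    as a path, query or fragment delimiter by whatever re-parses the string.
    """
    url = f"{scheme}://{host}{raw_path}"
    if query:
        url += "?" + query
    return url


def naive_is_protected(scheme: str, host: str, raw_path: str, query: str = "") -> bool:
    """Vulnerable stand-in: authorize on the path of the re-parsed URL.

    A stray delimiter in Host moves the real path into the netloc, query or
    fragment, so the check sees a path that is not under PROTECTED_PREFIX and
    lets the request through to a router that still serves the raw path.
    """
    parsed = urlsplit(reconstruct_url(scheme, host, raw_path, query))
    return parsed.path.startswith(PROTECTED_PREFIX)


# Conservative subset of the RFC 3986 authority grammar: a reg-name or a
# bracketed IPv6 literal, plus an optional numeric port. Anything that could
# act as a URL delimiter ('/', '?', '#', '@', whitespace) fails the match.
_HOST_RE = re.compile(r"^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::\d{1,5})?$")


def valid_host(host: str) -> bool:
    return _HOST_RE.fullmatch(host) is not None


def hardened_is_protected(scheme: str, host: str, raw_path: str, query: str = "") -> bool:
    """Hardened stand-in: reject a malformed Host up front, then decide on
    the raw request path, which is what the router actually dispatches on."""
    if not valid_host(host):
        raise ValueError(f"malformed Host header: {host!r}")
    return raw_path.startswith(PROTECTED_PREFIX)


def decisions(host: str, raw_path: str = "/admin/users") -> dict:
    """Return what each middleware decides for one constructed request."""
    try:
        hardened = hardened_is_protected("http", host, raw_path)
    except ValueError:
        hardened = "rejected"
    return {
        "host": host,
        "reconstructed": reconstruct_url("http", host, raw_path),
        "naive_protected": naive_is_protected("http", host, raw_path),
        "hardened_protected": hardened,
    }


# Constructed Host values: one honest, three carrying a single stray delimiter.
SAMPLE_HOSTS = [
    "api.example.com",
    "api.example.com/",
    "api.example.com/x?",
    "api.example.com#",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        d = decisions(h)
        print(f"{d['host']!r:24} -> {d['reconstructed']!r}")
        print(f"{'':24}    naive protected={d['naive_protected']}, "
              f"hardened={d['hardened_protected']}")
```

Run it directly to see the four constructed Host values side by side: the naive check answers "not protected" for every stray delimiter, which is the 403-to-200 flip the bullets describe, while the hardened check refuses the header before any path comparison happens. Refusing malformed Host values at the edge is also the behaviour the bullets credit nginx and Apache with, which is why directly exposed apps are the ones most at risk.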