Hacker News

BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass

112 points, posted by ylk yesterday at 9:07 AM, 41 comments

https://arstechnica.com/information-technology/2026/05/milli...


Comments

magnio, today at 10:15 AM

Never, ever, ever transform URIs and paths by string manipulation. If you think pulling in a library for this is overkill, it is not.

(Lesson learned from trying to quickly write my own function to make ".." to go back one URL segment that took 3 hours and discovering the URI spec contradicts my intuition depending on whether the URI is a URL or filesystem path.)

nickcw, today at 7:37 AM

If you read the advisory and are wondering what Starlette is, from its web page: Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python.

It's used a lot in the data-heavy AI world for its efficiency shipping large files. This includes lots and lots of production servers.

From the advisory: this includes LLM inference servers like vLLM, LLM proxy servers like LiteLLM, AI agent frameworks, MCP gateways, and custom APIs. MCP servers are especially at risk because the MCP spec mandates unauthenticated OAuth discovery endpoints, providing a reliable path for exploitation.

noirscape, today at 8:17 AM

If you're using nginx/apache/literally anything that does reverse proxying correctly, this shouldn't be a problem unless you're routing all traffic over default_server rules instead of server_name (or the equivalent).

They should be stopping this attack at the door (even if only to clean out your logs from scraper door knocks), which is probably why it went unnoticed for years. I don't think anyone would be deploying {A,W}SGI servers on public facing ports these days. Even if only because SSL termination is much easier in the proxy layer.

Also good lord that ARS article is a mess. What the hell happened there? An ASGI server isn't unique to AI or anything, it's just a regular supply chain dependency. I kinda expect better from ARS on stuff like this.

s2l, today at 7:36 AM

From the link, on how the attack works:

An attacker can send a crafted request like `GET /protected` with a `Host: example.com/health?x=` header. The request will reach the /protected path, but `request.url` would be `https://example.com/health?x=/protected`, and `request.url.path` would return `/health` instead of the real request path.

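The mechanism quoted above, as an added example that is not Starlette's code and not taken from the advisory: a naive URL reconstruction of the kind the comment describes (scheme + Host header + path + query string, with the Host value spliced in verbatim), beside a hardened handler that checks the Host header against RFC 3986 `host[:port]` grammar and an allowlist and routes on the path the server parsed from the request line. The request dictionaries, the `_HOST_RE` pattern, the allowlist and the helper names are constructed for illustration and are assumptions, not Starlette internals.

```python
import re
from urllib.parse import urlsplit

# Constructed sample requests (not real captures), shaped like the scope an
# ASGI server hands to a framework: raw request-line path plus header list.
ATTACK_REQUEST = {
    "scheme": "https",
    "path": "/protected",
    "query_string": b"",
    "headers": [(b"host", b"example.com/health?x=")],
}
BENIGN_REQUEST = {
    "scheme": "https",
    "path": "/protected",
    "query_string": b"",
    "headers": [(b"host", b"example.com")],
}


def host_header(request):
    """Return the Host header value as text ('' if absent)."""
    for name, value in request["headers"]:
        if name.lower() == b"host":
            return value.decode("latin-1")
    return ""


def naive_url(request):
    """Rebuild the absolute URL the way the comment describes.

    The Host value is trusted verbatim, so any '/' or '?' it contains is
    spliced straight into the URL string.
    """
    url = f"{request['scheme']}://{host_header(request)}{request['path']}"
    if request["query_string"]:
        url += "?" + request["query_string"].decode("latin-1")
    return url


def naive_path(request):
    """The path a path-prefix auth middleware would see if it re-parsed
    the reconstructed URL instead of using the request-line path."""
    return urlsplit(naive_url(request)).path


def is_protected(path):
    """Toy path-prefix rule standing in for an auth middleware."""
    return path.startswith("/protected")


# Assumed RFC 3986 host[:port] shape: reg-name, IPv4 literal, or bracketed
# IPv6 literal, optionally followed by a numeric port. No '/', '?' or '#'.
_HOST_RE = re.compile(
    r"^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._~%!$&'()*+,;=-]+)(?::[0-9]{0,5})?$"
)


def valid_host(value):
    return bool(_HOST_RE.match(value))


def strict_path(request, allowed_hosts):
    """Hardened variant: reject a Host that is not a bare host[:port] or is
    not on the allowlist, then route on the server-parsed path, never on a
    path recovered from a reconstructed URL."""
    host = host_header(request)
    if not valid_host(host):
        raise ValueError(f"malformed Host header: {host!r}")
    if host.rsplit(":", 1)[0] not in allowed_hosts:
        raise ValueError(f"Host not allowed: {host!r}")
    return request["path"]


if __name__ == "__main__":
    print(naive_url(ATTACK_REQUEST))                 # https://example.com/health?x=/protected
    print(naive_path(ATTACK_REQUEST))                # /health
    print(is_protected(naive_path(ATTACK_REQUEST)))  # False: auth rule skipped
    print(strict_path(BENIGN_REQUEST, {"example.com"}))
    try:
        strict_path(ATTACK_REQUEST, {"example.com"})
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist check is the application-layer twin of a reverse proxy that only forwards for explicit `server_name` entries: either way the crafted Host never reaches code that would splice it into a URL.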
ostif-derek, yesterday at 9:57 AM

This is a bad one. Rating it a medium understates how hard it hits thousands of downstream projects and billions of installs. People need to patch asap. I'm normally against the "giving a bug a name, logo, and website" trope, but this one is getting poor patch rates because of it being rated a medium and landing right before a big American holiday weekend.

BadBadJellyBean, today at 3:58 PM

Is a catchy name with a domain and website for every vulnerability now the norm? I mean, it's good that it was found, but there have been a lot of vulnerability websites lately.

0xbadcafebee, today at 11:53 AM

I need to start some kind of public counter for major vulnerabilities that could have been prevented with a software building code. It's been ticking up a lot lately.

burner420042, today at 9:23 AM

Notably, CVE-2026-48710 hasn't been added to cloud sec vuln catalogs quite yet. Since FastAPI ~is Starlette, expect the latter half of this week / early next to be busy.

andrewstuart, today at 8:07 AM

Setting aside this issue, Starlette is a really great web server.

If you do async python I strongly recommend it.

FastAPI is built on Starlette - to be honest I don’t see the point of the extra baggage - just use Starlette.

janci, today at 10:02 AM

Path-based auth middleware is a bad practice IMHO.

ylk, yesterday at 9:15 AM

The URL was meant to be https://badhost.org, the site accidentally still has the old canonical meta tag.