- Description
- Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because routing matches on the raw ASGI `scope["path"]` while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested and routed. Middleware and endpoints that apply security restrictions based on `request.url` (rather than on `scope["path"]`) could therefore be bypassed. Users should upgrade to version 1.0.1 or later, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- starlette
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-444
- Hype score
- Not currently trending
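Added example (not Starlette's own code): a pure-Python model of the mechanism in the description above. `rebuild_url` reconstructs a URL from an ASGI scope the way the description says `request.url` is built, once trusting the `Host` header verbatim (pre-1.0.1 behaviour) and once validating it against the RFC 3986 §3.2.2 host grammar with a fallback to `scope["server"]`; `path_is_consistent` is the check a middleware should make before trusting `request.url.path`. The scope, the Host values and the simplified IP-literal pattern are constructed for this illustration and are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Host grammar per RFC 3986 s3.2.2: host = IP-literal / IPv4address / reg-name, optionally
# followed by ":" port (the uri-host [ ":" port ] form of RFC 9112 s3.2).  IPv4address is
# already covered by reg-name's character set.  IP-literal is simplified here to a bracketed
# run of hex digits, ":" and "." (IPvFuture is not handled); that simplification is an
# assumption of this example, not Starlette's implementation.
_REG_NAME = r"(?:[A-Za-z0-9\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})*"
_IP_LITERAL = r"\[[0-9A-Fa-f:.]+\]"
_HOST_RE = re.compile(rf"(?:{_IP_LITERAL}|{_REG_NAME})(?::[0-9]*)?")


def is_valid_host(value: str) -> bool:
    """True if a Host header value fits uri-host [ ":" port ].

    "/", "?", "#" and "@" are outside reg-name, so any value that could re-shape the
    path, query, fragment or authority of a rebuilt URL is rejected.  An empty value is
    rejected too (RFC 3986 permits an empty reg-name; this example chooses not to).
    """
    return bool(value) and _HOST_RE.fullmatch(value) is not None


def _host_header(scope: dict) -> str:
    """Return the raw Host header from an ASGI scope ("" if absent)."""
    for name, val in scope.get("headers", []):
        if name.lower() == b"host":
            return val.decode("latin-1")
    return ""


def rebuild_url(scope: dict, validate_host: bool) -> str:
    """Rebuild a request URL from an ASGI scope, as the description says request.url does.

    validate_host=False mimics the pre-1.0.1 behaviour (Host trusted verbatim).
    validate_host=True is the hardened form: a Host that fails the grammar is replaced by
    scope["server"], so the rebuilt URL can no longer disagree with scope["path"].
    """
    host = _host_header(scope)
    if validate_host and not is_valid_host(host):
        server_host, server_port = scope["server"]
        host = f"{server_host}:{server_port}"
    url = f"{scope['scheme']}://{host}{scope['path']}"
    query = scope.get("query_string", b"").decode("latin-1")
    return url + (f"?{query}" if query else "")


def url_path(url: str) -> str:
    """The path a consumer of request.url sees once the string is parsed back."""
    return urlsplit(url).path


def path_is_consistent(scope: dict, validate_host: bool) -> bool:
    """Middleware check: does the URL's path still equal the path the router matched?"""
    return url_path(rebuild_url(scope, validate_host)) == scope["path"]


def make_scope(host_header: str, path: str = "/admin") -> dict:
    """Constructed ASGI scope for the demo (not a captured request)."""
    return {
        "type": "http",
        "scheme": "http",
        "path": path,
        "query_string": b"",
        "server": ("127.0.0.1", 8000),
        "headers": [(b"host", host_header.encode("latin-1"))],
    }


if __name__ == "__main__":
    # Constructed Host values: one well-formed, two that carry URL delimiters.
    for host in ("example.com:8000", "evil/public", "attacker.example#"):
        scope = make_scope(host)
        for validate in (False, True):
            url = rebuild_url(scope, validate)
            print(f"validate={validate!s:5} Host={host!r:22} -> {url!r:36} "
                  f"url.path={url_path(url)!r:16} consistent={path_is_consistent(scope, validate)}")
```

With validation off, a Host of `evil/public` yields `http://evil/public/admin`, whose parsed path is `/public/admin` while the router matched `/admin`; with validation on, the malformed Host is replaced by the server address and the two paths agree again. In an actual Starlette application the equivalent defence is to authorise on `request.scope["path"]` (what the router matched) rather than on `request.url.path`, and to upgrade to 1.0.1 or later.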
CVE-2026-42271: LiteLLM 1.74.2-1.83.6 command injection via MCP test endpoints allows arbitrary OS cmd execution with a valid API key. Fixed in 1.83.7. Chains w/ CVE-2026-48710 for unauthenticated RCE. CISA KEV. Patch now and rotate credentials. #litellm #CVE202642271
@GreyZoneSec
12 Jun 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LiteLLM CVE-2026-42271 is exploited in the wild. This AI gateway flaw can allow command execution and may chain with Starlette CVE-2026-48710 to become unauthenticated RCE. https://t.co/wdAnqOmrft #CyberSecurity #LiteLLM #AISecurity #RCE #Vulert
@vulert_official
11 Jun 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New critical LiteLLM flaw is being exploited in the wild. CVE-2026-42271 (CVSS 8.7) — command injection via two MCP preview endpoints. Chained with CVE-2026-48710 (Starlette host header bypass) → unauthenticated RCE (CVSS 10.0). If you run litellm-proxy: read this thre
@456c6f727269
11 Jun 2026
66 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
LiteLLM command injection CVE-2026-42271 (CVSS 8.7) is being exploited and CISA has added it to KEV. Chained with Starlette's CVE-2026-48710 it becomes unauthenticated RCE, with a combined CVSS of 10.0. Update to 1.83.7 required / LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated R
@__su888
9 Jun 2026
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Security Advisory LiteLLM Remote Code Execution CVE-2026-42271 and CVE-2026-48710 Threat Intelligence Alert https://t.co/pKGbT7Ml4F #appsec
@eyalestrin
9 Jun 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐CVE-2026-42271: Critical command injection in LiteLLM AI gateway — actively exploited. Chains with Starlette Host Header bypass (CVE-2026-48710) → unauthenticated RCE (CVSS 10). 🔗 https://t.co/ftjEZPejPl #CyberSecurity #ThreatIntel #CVE202642271 #LiteLLM #AI #RCE #C
@ThreatAft
9 Jun 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added CVE-2026-42271 to its KEV catalog after active exploitation. The LiteLLM command injection flaw can chain with a Starlette auth bypass to enable unauthenticated RCE. #LiteLLM #CVE-2026-42271 #CVE-2026-48710 https://t.co/85aTljWenn
@TweetThreatNews
9 Jun 2026
138 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
The first confirmed autonomous LLM-agent cyberattack: an AI exploited CVE-2026-48710 ("BadHost") to exfiltrate an AWS database in under 1 hour — without human step-by-step direction. The vulnerability affected the Starlette framework, impacting FastAPI apps, vLLM, LiteLLM, MCP
@kevteachesai
8 Jun 2026
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Authentication bypass vulnerability "BadHost" (CVE-2026-48710) in AI agents and MCP servers. Affects vLLM/FastAPI/LiteLLM. There is a demonstration of an LLM autonomously exfiltrating AWS data in under an hour. Update to Starlette 1.0.1 immediately https://t.co/QWEg4cL64g #AIセキュリ
@neural_nw_ai
6 Jun 2026
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-48710: A Maintainer's Perspective https://t.co/Dlm5hDiSmd
@PythonHub
6 Jun 2026
675 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
BadHost CVE bypasses Starlette auth via Host headers. Compromises AI agents, LLM gateways, MCP servers. Patch CVE-2026-48710 now. https://t.co/RfInrCeVdj
@foursignalsdev
2 Jun 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Good moo-rning 🐮 [Deadline day] LiteSpeed cPanel CVE-2026-48172: the CISA KEV remediation deadline is today, 5/29, moo 🐮 And on top of that, Starlette's BadHost (CVE-2026-48710) has newly arrived too, moo… In five minutes this morning: ✅ Final check of cPanel patch status ✅ FastAPI/vLLM
@accell_mo_kun
28 May 2026
77 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
@ohdonpier flagged BadHost (CVE-2026-48710) in Starlette today. The point matters: MCP servers are credential aggregators by design. Vault keeps the keys outside the MCP server process, brokered per-call. One framework CVE doesn't drain everything. https://t.co/bnPfzDU0FY
@1clawAI
28 May 2026
180 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass https://t.co/H5Tg5PRSrh FastAPI vuln
@jreuben1
28 May 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#BadHost (CVE-2026-48710) was also discovered in parallel by @_nlovin and Larry Yuan (https://t.co/HHeLTaXEw2), kudos!
@marver
27 May 2026
686 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*",
            "matchCriteriaId": "4C7C6045-86A6-4FAC-AE15-B12438E9D1B4",
            "versionEndExcluding": "1.0.1",
            "versionStartIncluding": "0.8.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]