Critical vulnerability exposes millions of AI agents via Starlette package
Original: Millions of AI agents imperiled by critical vulnerability in open source package
Why This Matters
Exposes critical infrastructure vulnerability affecting AI ecosystem
Security researchers discovered BadHost vulnerability (CVE-2026-48710) in Starlette open source package, which receives 325 million weekly downloads. The flaw allows hackers to breach AI agent servers and steal credentials through a single character injection in HTTP Host header.
The BadHost vulnerability affects Starlette versions prior to 1.0.1, released Friday. Starlette serves as the foundation for FastAPI and other Python frameworks used in AI tooling. The flaw enables attackers to bypass path-based authorization with minimal effort, exposing servers running MCP (model context protocol) that store credentials for external systems. Security firm X41 D-Sec rates it critical severity, while official CVE rating is 7/10. Affected systems include vLLM, LiteLLM, OpenAI-shim proxies, and MCP servers. Scans revealed exposed data including clinical trial databases, identity verification systems, IoT devices, email accounts, and HR information.