BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass

Summary

A critical severity vulnerability (CVE-2026-48710) was discovered in Starlette <0.1, allowing attackers to forge request URLs and bypass path-based authentication middleware. Thousands of FastAPI and Starlette applications are affected, including AI infrastructure.

Why it matters

Critical

Topics

Related coverage

Hacker News Front Page

BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass

5/27/2026, 5:45:42 PM

Post Stream

Flat, source-grounded posts. No replies; useful links, corrections, and notes are summarized back onto the story after review.

Type related linkopinioncorrection URL Title

Local fixture mode allows posting. Production posting requires Google login and write-rate limits.

Add post

No posts have been added to this cluster yet.

Rank history