- Secwest discloses CVE-2026-48710 (“BadHost”), a high severity flaw in Starlette that allows attackers to abuse malformed host headers to bypass security controls and leak sensitive data.
- Starlette underpins frameworks such as FastAPI and is widely deployed; the researchers warn that the 7/10 score underestimates the risk, since data from AI, biopharma, IoT, and SaaS agents is potentially exposed.
- The bug was fixed in version 1.0.1, but vulnerable builds are still common in production, making immediate updates and environment scans critical.
Experts warned that a lightweight Python web framework called Starlette had a high-severity vulnerability that could allow malicious actors to extract sensitive data from millions of AI agents.
Some researchers go further, saying that current descriptions understate the flaw, which they regard as one of the largest and potentially most disruptive in recent memory.
Starlette is a lightweight Python web framework for building fast web applications and APIs on the ASGI (Asynchronous Server Gateway Interface) standard. It is open source, receives around 325 million downloads every week, and is the basis for many popular frameworks (e.g. FastAPI).
BadHost fixed with patch
The problem arises because Starlette has access to servers running the Model Context Protocol (MCP), a tool that lets AI agents search the web or access third-party services. To function correctly, that tool must hold the correct permissions and store the correct passwords.
Security researchers at Secwest found a flaw that let attackers send a false or malformed ‘Host’ header (the information a website uses to determine which address was requested). In some cases, Starlette would build the request URL from this forged value, so that security checks were applied to the wrong path.
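The following pure-Python snippet is an added illustration of the general class of bug described above; it is not Secwest's proof of concept and not Starlette's own code, and it makes no claim about how CVE-2026-48710 actually behaves internally. It shows how a request URL assembled from an unvalidated Host header can end up describing a different path than the one the server was asked for, and a defensive check that validates the Host value against an allowlist before any path-based authorization runs. The ASGI-style scope dicts, the allowlist and the hostname grammar are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hostname (RFC 1123 labels) with an optional numeric port.
# Assumption: IPv6 literals such as "[::1]:8000" are out of scope here.
_HOST_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*)"
    r"(:(?P<port>\d{1,5}))?$"
)


def header(scope, name):
    """Return the first value of a header from an ASGI-style scope, or None."""
    key = name.lower().encode("latin-1")
    for k, v in scope.get("headers", []):
        if k.lower() == key:
            return v.decode("latin-1")
    return None


def naive_url(scope):
    """Build the request URL the risky way: trust the Host header verbatim."""
    host = header(scope, "host") or "localhost"
    return f"{scope['scheme']}://{host}{scope['path']}"


def effective_path(url):
    """The path a downstream check would see if it re-parses the built URL."""
    return urlsplit(url).path


def parse_host(value):
    """Validate a Host header value; return (host, port) or raise ValueError."""
    if value is None:
        raise ValueError("missing Host header")
    m = _HOST_RE.match(value)
    if m is None:
        raise ValueError("malformed Host header")
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 0 < port < 65536:
        raise ValueError("port out of range")
    return m.group("host").lower(), port


def checked_url(scope, allowed_hosts):
    """Build the URL only after Host passes syntax and allowlist checks."""
    host, port = parse_host(header(scope, "host"))
    if host not in allowed_hosts:
        raise ValueError(f"host not allowed: {host}")
    authority = host if port is None else f"{host}:{port}"
    return f"{scope['scheme']}://{authority}{scope['path']}"


def host_accepted(scope, allowed_hosts):
    """True if the request passes the Host check, False if it would be rejected."""
    try:
        checked_url(scope, allowed_hosts)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample requests; only the Host header differs.
    allowed = {"api.example.com"}
    good = {"scheme": "http", "path": "/admin",
            "headers": [(b"host", b"api.example.com:8000")]}
    bad = {"scheme": "http", "path": "/admin",
           "headers": [(b"host", b"api.example.com#")]}

    # With a well-formed Host both builders agree.
    print(naive_url(good), effective_path(naive_url(good)))
    # With a malformed Host the naive URL's path disappears into a fragment,
    # so a check that re-parses the URL no longer sees "/admin".
    print(naive_url(bad), repr(effective_path(naive_url(bad))))
    # The validating builder rejects the malformed Host before any path check.
    print("good accepted:", host_accepted(good, allowed))
    print("bad accepted:", host_accepted(bad, allowed))
```

The design point is ordering: validate the authority (syntax plus allowlist) first, and only then derive anything that authorization logic will consume. Rejecting an unexpected Host outright, rather than sanitizing it, is what frameworks' trusted-host middleware does, and it is the setting worth confirming in any deployment that fronts MCP or other agent-facing services.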
The bug is named BadHost and is now tracked as CVE-2026-48710. It was given a severity score of 7/10 (high) and was fixed in Starlette version 1.0.1.
For Secwest, giving BadHost a 7/10 “substantially underestimates” the severity of the threat. It claims that at this very moment, biopharmaceutical AI data, identity verification data, industrial and IoT data, emails, SaaS data, and more are all exposed.
Although it fixed the problem, Starlette did not comment on the findings. Ars Technica reports that vulnerable versions are still “widely used” in production systems, and that companies should at least scan their environments to see whether they are among those at risk.
