Millions of AI agents imperiled by critical vulnerability in open source package
Summary
Ars Technica reports a critical vulnerability named BadHost (CVE-2026-48710) in Starlette, an open-source ASGI framework, which is used by FastAPI and many AI tooling stacks. The flaw allows attackers to bypass authentication and potentially exfiltrate data or execute code on vulnerable servers; advisories urge scanning and upgrading Starlette and dependent packages.