CVE-2026-48710 Starlette Host-Header Auth Bypass
Summary
This article explains CVE-2026-48710 ("BadHost"), a critical host-header authentication bypass in Starlette versions before 1.0.1. It details how an attacker can craft a Host header to alter request.url.path and bypass path-based authentication. It also discusses impacted projects and the recommended mitigations: upgrading Starlette, avoiding path-based middleware, and deploying a reverse proxy. Finally, it references scanners and the implications for AI infrastructure built on FastAPI/Starlette.