DigiNews

Tech Watch by Johan Denoyer


CVE-2026-48710: A Maintainer's Perspective

Quality: 8/10 Relevance: 9/10

Summary

A maintainer explains CVE-2026-48710 in Starlette, detailing how host header manipulation can affect authorization logic that relies on request.url.path. The post argues the root cause is an application pattern rather than Starlette itself, discusses the disclosure process and media coverage, and recommends upgrading to Starlette 1.0.1 and avoiding path-based authorization.
