BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass

badhost.org

cross-posted to:
lobsters

BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass

badhost.org

RSS BotMB to Hacker NewsEnglish · 11 hours ago

cross-posted to:
lobsters

BadHost - CVE-2026-48710 Starlette Host-Header Auth Bypass

badhost.org

Scan your Starlette or FastAPI server for CVE-2026-48710 (BadHost): a critical auth bypass via Host header injection affecting MCP servers, LLM proxies, AI agent frameworks, and thousands of Python ASGI applications.

Comments

You must log in or # to comment.

Chat

Hacker News

hackernews

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !hackernews@lemmy.bestiver.se

Community locked: only moderators can create posts. You can still comment on posts.

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

Source of the RSS Bot

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

644 users / day
1.97K users / week
4.27K users / month
9.94K users / 6 months
2 local subscribers
4.92K subscribers
51.9K Posts
27.8K Comments
Modlog