BadHost Vulnerability in Starlette Threatens Millions of Servers and AI Agents


Cybersecurity researchers have discovered a critical vulnerability named BadHost, which could jeopardize millions of servers and artificial intelligence systems worldwide. The vulnerability affects Starlette—a popular open-source Python framework that, according to developers, is downloaded over 325 million times each week.

This was reported by Finway.

How the BadHost Vulnerability Works

The issue has been assigned the identifier CVE-2026-48710 and affects Starlette versions up to 1.0.1. According to experts from Secwest and X41 D-Sec, BadHost allows attackers to bypass authorization mechanisms, perform SSRF (Server-Side Request Forgery) attacks, and in some cases execute arbitrary code on the server. The root cause is improper handling of the Host HTTP header in Starlette, which allows additional paths to be injected into requests and authorization checks to be bypassed.
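Since the article traces the problem to how the Host header is handled, one defensive control a practitioner can place in front of any Starlette-based service is strict validation of that header: accept only syntactically valid host[:port] values and only those on an explicit allow-list, rejecting anything that carries path or query characters. The code below is an added example written for this article; it is not Starlette's own code, not the researchers' scanner, and not the vendor's fix for CVE-2026-48710. The allow-list entries, the function names and the sample header values are all constructed for illustration.

```python
import re

# Constructed allow-list for this example; a real deployment would load it from config.
ALLOWED_HOSTS = ["api.example.com", "*.internal.example.com"]

# Host header grammar: a DNS-style name or a bracketed IPv6 literal, plus an optional port.
# Anything outside this shape (slashes, query strings, userinfo, whitespace) is rejected.
_HOST_RE = re.compile(
    r"^(?:"
    r"(?P<name>[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?)"
    r"|(?P<v6>\[[0-9A-Fa-f:.]+\])"
    r")(?::(?P<port>\d{1,5}))?$"
)


def parse_host(value: str):
    """Return (host, port) for a syntactically valid Host header value, else None.

    The host is lower-cased and stripped of a trailing dot so that allow-list
    comparison is canonical; the port is an int or None.
    """
    if not value:
        return None
    # Fast rejection of characters that never belong in a host: path, query,
    # fragment, userinfo separators, backslashes, whitespace and control bytes.
    if any(c in "/?#@\\" or ord(c) <= 0x20 for c in value):
        return None
    m = _HOST_RE.match(value)
    if not m:
        return None
    port = m.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    host = (m.group("name") or m.group("v6")).lower().rstrip(".")
    return host, (int(port) if port else None)


def host_allowed(value: str, allowed=ALLOWED_HOSTS) -> bool:
    """True only if the header parses cleanly AND matches an allow-list entry.

    "*.internal.example.com" matches real subdomains only; the bare apex does not match.
    """
    parsed = parse_host(value)
    if parsed is None:
        return False
    host, _ = parsed
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
        if host == pattern:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample header values: the first three are acceptable, the rest are not.
    for sample in ["api.example.com", "svc.internal.example.com:443", "[::1]:8000",
                   "api.example.com/admin", "evil.example.com", "api.example.com:99999"]:
        print(f"{sample!r:32} -> {'allow' if host_allowed(sample) else 'reject'}")
```

Run this check as early as possible in the request path (a middleware is the natural place), before any routing or authorization decision consumes the header. Logging the rejected values gives you a cheap detection signal as well.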

“In some cases, they can also execute arbitrary code on the server.”

Which Systems Are at Risk

Starlette is widely used as a base for well-known tools such as FastAPI, vLLM, LiteLLM, and Text Generation Inference. Also at risk are MCP servers, through which AI agents access external services and databases. Among the potentially affected systems are OpenAI proxies and other popular solutions for developing AI services.

Researchers emphasize that vulnerable servers and their surrounding infrastructure often hold critical data such as SSH keys, AWS credentials, emails, calendars, internal documents, and other sensitive information. Secwest experts believe that the official severity rating of 7 out of 10 significantly underestimates the actual risk: during scanning, vulnerable systems were found in biopharmaceuticals, HR, SaaS, cybersecurity, IoT, and cloud services.

A special scanner can be used to check FastAPI servers and MCP infrastructure for the BadHost vulnerability.

BadHost Scanner for checking the vulnerability of FastAPI servers and MCP infrastructure. Data: Nemesis.

Experts advise all users of FastAPI, vLLM, LiteLLM, and other Starlette-based solutions to check their infrastructure immediately and update their software to patched versions in order to minimize the risk of unauthorized access and data leaks.
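Because Starlette is usually pulled in transitively (FastAPI, vLLM and LiteLLM depend on it rather than being installed by name), an inventory has to look at the resolved dependency set, not just the top-level requirements. The script below is an added example, not tooling from the article, the researchers or the Starlette project: it parses `pip freeze`-style output and flags every Starlette pin that falls inside the range the article names (up to and including 1.0.1). The freeze text is constructed for the example; the `LAST_AFFECTED` threshold comes from the article, while the fixed version is not named on the page and is therefore not assumed here.

```python
import re
from importlib import metadata

# From the article: Starlette versions up to 1.0.1 are affected.
LAST_AFFECTED = (1, 0, 1)


def parse_version(text: str) -> tuple:
    """Turn '0.47.2', '1.0' or '1.0.1rc1' into a comparable tuple of ints.

    Pre-release and post-release suffixes are dropped, which is the conservative
    choice for an audit: '1.0.1rc1' compares equal to 1.0.1 and is flagged.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad so that 1.0 == 1.0.0


def is_affected(version: str) -> bool:
    """True if this Starlette version is within the range the article calls affected."""
    return parse_version(version) <= LAST_AFFECTED


def audit_freeze(freeze_text: str) -> dict:
    """Scan pip-freeze output; return {package: (version, affected)} for Starlette pins."""
    findings = {}
    for line in freeze_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*(\S+)$", line)
        if not m:
            continue  # editable installs, VCS URLs and markers are skipped here
        name = m.group(1).lower().replace("_", "-")
        if name == "starlette":
            findings[name] = (m.group(2), is_affected(m.group(2)))
    return findings


def installed_starlette():
    """Version of Starlette in the current interpreter, or None if not installed."""
    try:
        return metadata.version("starlette")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed sample of `pip freeze` output from a FastAPI service.
    sample = """\
anyio==4.4.0
fastapi==0.115.0
starlette==0.47.2   # pulled in by fastapi, never pinned directly
uvicorn==0.30.6
"""
    for pkg, (ver, affected) in audit_freeze(sample).items():
        status = "AFFECTED (<= 1.0.1 per the advisory)" if affected else "outside the stated range"
        print(f"{pkg}=={ver}: {status}")
    print("installed here:", installed_starlette())
```

Feed it `pip freeze` output from each environment (containers included), and treat any flagged pin as a host to upgrade and re-check; a pin outside the range still deserves a look at the project's release notes, since the page does not state which release carries the fix.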