
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-48710: Starlette BadHost HTTP Host-Header Path-Poisoning and Authentication Bypass

Vulnerability ID: CVE-2026-48710
CVSS Score: 7.0
Published: 2026-06-04

CVE-2026-48710 is a critical security-desynchronization vulnerability in the Starlette ASGI framework (versions >= 0.8.3, < 1.0.1) that allows remote attackers to bypass path-based security middleware and access-control decorators. By injecting URI authority-to-path delimiters into the Host header, an attacker can change the URL path that the application layer parses from the request while the underlying ASGI server still dispatches the request to the originally targeted endpoint.

TL;DR

A validation flaw in Starlette's Host header parsing enables attackers to bypass security middleware checks. When a request carries characters such as '?' or '#' in the Host header, the framework derives the request path as '/' (public) while the router still executes the actually targeted administrative endpoint.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-1289
  • Attack Vector: Network (AV:N)
  • CVSS v4.0 Score: 7.0 (High Severity)
  • EPSS Score: 0.00353 (0.35%)
  • Impact: Authentication and Authorization Bypass
  • Exploit Status: Proof-of-Concept (PoC) public, scanner code weaponized
  • KEV Status: Not listed

Affected Systems

  • Starlette ASGI framework (versions >= 0.8.3, < 1.0.1)
  • FastAPI applications using path-based security middleware
  • LiteLLM and vLLM infrastructures deployed on vulnerable Starlette versions
  • Model Context Protocol (MCP) server implementations running on Starlette
  • Starlette: >= 0.8.3, < 1.0.1 (Fixed in: 1.0.1)
  • FastAPI: <= 0.115.x (fixed by depending on Starlette 1.0.1)

Code Analysis

Commit: 764dab0

Ignore malformed Host header when constructing request.url (#3279)

@@ -26,6 +21,9 @@
+# Rejects Host header chars (/, ?, #, @, ...) that would let urlsplit produce a path differing from scope["path"].
+_HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(?::[0-9]+)?$", re.IGNORECASE)
...
-            if host_header is not None:
+            if host_header is not None and _HOST_RE.fullmatch(host_header):
                 url = f"{scheme}://{host_header}{path}"
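Review bot: the guard added on the `if host_header is not None and _HOST_RE.fullmatch(host_header):` line makes a non-matching Host fall through to whatever the else branch builds, and that branch is outside this hunk; the behaviour change (a Host failing the allowlist no longer appears in `request.url`, rather than the request being rejected) should be stated in the docstring or changelog so middleware authors comparing `request.url.path` with `scope["path"]` know which value they will get. The new comment also reads as a denylist ("Rejects Host header chars ...") while `_HOST_RE` is an allowlist: a name made of `[a-z0-9.-]` or a bracketed IPv6 literal, each with an optional numeric port, so hosts containing an underscore, an IPv6 zone identifier or surrounding whitespace also take the fallback. Rewording it to say what is accepted, e.g. `# Accept only host[:port] or [ipv6][:port]; anything else falls back below`, would make that explicit.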

Exploit Details

  • GitHub: Exploit and vulnerability scanning utility targeting the BadHost CVE-2026-48710 logic gap.

Mitigation Strategies

  • Upgrade Starlette to version 1.0.1 or higher to enforce strict Host header validation.
  • Modify custom middleware to reference request.scope['path'] instead of request.url.path to prevent path desynchronization.
  • Deploy an RFC-compliant reverse proxy (such as Nginx or Apache) that rejects invalid characters in the Host header.
  • Ensure ASGI application servers bind only to localhost and are not directly exposed to untrusted networks.

Remediation Steps

  1. Identify all deployments using Starlette by running 'pip show starlette' or auditing lock files.
  2. Update requirements.txt or poetry.lock to specify 'starlette>=1.0.1'.
  3. Rebuild and redeploy container images to ensure downstream packages (like FastAPI) use the updated Starlette version.
  4. Test custom security middleware with mock malformed Host headers to verify that access control checks cannot be bypassed.
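To make step 4 concrete, here is an added Python example (not the advisory's or Starlette's own code) that rebuilds request.url the way the fix commit's hunk does, splits it with urllib.parse.urlsplit, and contrasts a middleware that decides on request.url.path with one that decides on scope["path"] and applies the commit's _HOST_RE allowlist. The minimal ASGI scope, the hostnames and PROTECTED_PREFIX are constructed for the example.

```python
import re
from typing import Callable, Dict, Optional
from urllib.parse import urlsplit

# Allowlist taken from the fix commit: hostname or bracketed IPv6, optional :port.
_HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(?::[0-9]+)?$", re.IGNORECASE)

PROTECTED_PREFIX = "/admin"  # constructed: the route prefix the middleware guards


def make_scope(path: str, host: str) -> dict:
    """Constructed minimal ASGI HTTP scope, as a server hands it to the framework."""
    return {"type": "http", "scheme": "http", "path": path,
            "headers": [(b"host", host.encode("latin-1"))]}


def host_header(scope: dict) -> Optional[str]:
    for name, value in scope["headers"]:
        if name == b"host":
            return value.decode("latin-1")
    return None


def url_path_from_host(scope: dict) -> str:
    """Path as the vulnerable request.url.path derives it: the Host header is spliced
    into an absolute URL and re-parsed, so '/', '?' or '#' in the header move the path."""
    url = f"{scope['scheme']}://{host_header(scope)}{scope['path']}"
    return urlsplit(url).path or "/"


def vulnerable_is_protected(scope: dict) -> bool:
    # Pattern the advisory warns about: the access decision uses request.url.path.
    return url_path_from_host(scope).startswith(PROTECTED_PREFIX)


def hardened_is_protected(scope: dict) -> bool:
    # Mitigation: decide on scope["path"], which the router actually dispatches on,
    # and fail closed when the Host header is outside the allowlist.
    host = host_header(scope)
    if host is not None and not _HOST_RE.fullmatch(host):
        return True
    return scope["path"].startswith(PROTECTED_PREFIX)


def check_middleware(decide: Callable[[dict], bool]) -> Dict[str, bool]:
    """Step 4 of the remediation: replay a protected path with mock malformed Hosts.
    A False for any non-clean case means the middleware can be bypassed."""
    cases = [("clean", "api.example.test"), ("question", "api.example.test?x"),
             ("hash", "api.example.test#x"), ("slash", "api.example.test/x")]
    return {label: decide(make_scope("/admin/users", host)) for label, host in cases}
```

Running check_middleware against both decision functions shows the first one unlocking /admin/users for every malformed Host while the second keeps it protected.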

Read the full report for CVE-2026-48710 on our website for more details including interactive diagrams and full exploit analysis.
