Millions of AI agents imperiled by critical vulnerability in open source package
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
Critical vulnerability in Starlette affecting AI agents, highly actionable.
A critical vulnerability in Starlette, the open-source ASGI framework with 325 million weekly downloads, is putting millions of AI agents at risk. Tracked as CVE-2026-48710 (dubbed "BadHost"), the flaw allows trivial bypass of path-based authorization via a malformed HTTP Host header, exposing credentials stored in MCP servers used by tools like FastAPI, vLLM, and LiteLLM. With a CVSS 7.0 rating but described as critical by discoverer X41 D-Sec, the exploit enables SSRF and data theft from biopharma, cloud, and other sensitive systems, and patches exist in Starlette 1.0.1.
- Audit your Python dependencies for Starlette versions < 1.0.1 and patch immediately; add Host header validation in your reverse proxy if you can't upgrade right away.
As a platform engineer building AI agent orchestration systems, this vulnerability directly threatens your MCP-based integrations and credential stores — a single unpatched Starlette dependency in your Python stack can expose your entire AI toolchain to remote takeover.
Dan Goodin — Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. A journalist with more than 25 years experience, he has been chronicling the...