
Starlette Vulnerabilities Expose Millions of AI Agents to Attack

Severity: High (Score: 72.0)

Sources: Valuethemarkets, Kucoin, Cryptobriefing

Published: 2026-05-26 · Updated: 2026-05-27

Keywords: critical, starlette, vulnerability, flaw, python, exposes, millions

Severity indicators: critical, vulnerability, flaw

Summary

A critical vulnerability in the Starlette framework, tracked as CVE-2026-48710 and nicknamed 'BadHost', allows unauthenticated attackers to bypass security on millions of AI applications. Starlette, which receives 325 million downloads weekly, underpins FastAPI and many other Python projects. The flaw enables attackers to manipulate the HTTP Host header, leading to unauthorized access to protected endpoints and sensitive data. This vulnerability affects all Starlette versions prior to 1.0.1, with patches released for remediation. Other vulnerabilities, CVE-2024-47874 and CVE-2025-62727, were previously disclosed, allowing denial-of-service attacks. The crypto ecosystem, heavily reliant on Starlette, faces significant risks, including unauthorized transactions and data corruption. Developers are urged to update their systems promptly to mitigate exposure. The growing number of vulnerabilities in AI frameworks highlights systemic security challenges in the sector.

Key Points:

  • CVE-2026-48710 allows unauthenticated access to millions of AI applications.
  • Starlette receives 325 million downloads weekly, affecting a vast ecosystem.
  • Immediate patching to version 1.0.1 or later is critical for security.

Detailed Analysis

**Impact**

Millions of AI agents, machine learning tools, and Python-based services worldwide are affected due to Starlette’s extensive use, with approximately 325 million downloads weekly. Key sectors impacted include cryptocurrency trading, portfolio management, and DeFi automation, where AI agents rely on FastAPI and related frameworks built on Starlette. The vulnerabilities enable unauthorized access, denial-of-service conditions, and data corruption, risking unauthorized transactions and theft of sensitive credentials. The exposure is global, affecting any organization using Starlette-dependent infrastructure, especially those with limited security resources.

**Technical Details**

The primary attack vectors include manipulation of the HTTP Host header (CVE-2026-48710, “BadHost”) causing authentication bypass, denial-of-service via large multipart form data fields (CVE-2024-47874), and Regular Expression Denial of Service (ReDoS) through crafted Range headers in FileResponse (CVE-2025-62727). Exploits enable bypassing authentication, memory poisoning, and unauthorized access to protected endpoints, potentially leading to credential theft and unauthorized transactions. The vulnerabilities affect all Starlette versions prior to 1.0.1, with the framework serving as the foundation for FastAPI, vLLM, LiteLLM, and MCP servers. No specific malware or IOCs were reported.

**Recommended Response**

Immediately update Starlette to version 1.0.1 or later to mitigate the BadHost vulnerability and ensure versions 0.40.0 or higher are deployed to address earlier DoS flaws. Conduct comprehensive dependency audits across all AI agent and API infrastructure to identify and patch transitive Starlette dependencies. Deploy monitoring for unusual authentication bypass attempts and anomalous request patterns involving Host headers and multipart form data. Utilize available scanners such as the one at badhost.org to identify vulnerable applications.
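The dependency audit recommended above, as an added example that is not from the source articles or the Starlette project: it parses pip-freeze style output (a constructed sample is embedded) and reports which of the three advisory CVEs the pinned Starlette version still lacks a fix for. The fixed-version floors are the ones this page states (1.0.1 for BadHost, 0.40.0 for the earlier DoS flaws); the exact fixed release for CVE-2025-62727 is not given on the page, so it is encoded under the 0.40.0 floor the page uses.

```python
"""Audit pinned Starlette versions against the fixed-version floors stated in
the advisory text. Added example; thresholds come from the page, not from
upstream release notes, and the sample freeze output is constructed."""
import re
from typing import Dict, List, Tuple

# Fixed-version floors as stated on the page. The page groups both DoS CVEs
# under 0.40.0; CVE-2025-62727's own fixed release is not given here (assumption).
FIXED_IN: Dict[str, Tuple[int, ...]] = {
    "CVE-2026-48710": (1, 0, 1),   # BadHost: Host header authentication bypass
    "CVE-2024-47874": (0, 40, 0),  # DoS via large multipart form fields
    "CVE-2025-62727": (0, 40, 0),  # ReDoS via Range header (floor per page)
}

# Constructed sample: Starlette pulled in transitively by a FastAPI service.
SAMPLE_FREEZE = """\
fastapi==0.115.0
starlette==0.38.6
uvicorn==0.30.0
"""

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.0.1' into (1, 0, 1). Pre-release suffixes such as 'rc1' are
    dropped, so '1.0.1rc1' compares equal to 1.0.1; treat that as a caveat."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def pinned_versions(freeze: str) -> Dict[str, str]:
    """Collect 'name==version' pins; package names are case-insensitive."""
    pins: Dict[str, str] = {}
    for line in freeze.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*(\S+)", line)
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins

def audit_starlette(freeze: str) -> List[str]:
    """Return advisory CVE ids whose fix the pinned Starlette predates.
    An empty list means either fixed or Starlette not pinned in this input."""
    pins = pinned_versions(freeze)
    if "starlette" not in pins:
        return []  # not pinned here; check the lockfile of each service too
    have = parse_version(pins["starlette"])
    return [cve for cve, fixed in FIXED_IN.items() if have < fixed]

if __name__ == "__main__":
    version = pinned_versions(SAMPLE_FREEZE).get("starlette", "<unpinned>")
    for cve in audit_starlette(SAMPLE_FREEZE):
        print(f"starlette {version}: missing fix for {cve}")
```

Run it against each service's real `pip freeze` output rather than only top-level requirements, since Starlette usually arrives as a transitive dependency of FastAPI.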

Source articles (4)

  • Starlette vulnerability exposes millions of AI agents to hackers — Cryptobriefing · 2026-05-26
    A critical flaw dubbed 'BadHost' lets attackers bypass authentication on thousands of AI applications built on one of Python's most popular frameworks. A critical security flaw in one of the most wide…
  • Starlette Vulnerability Exposes Millions of AI Agents to Hackers — Kucoin · 2026-05-26
    A critical security flaw in one of the most widely used Python web frameworks has left millions of AI agents, machine learning tools, and production services vulnerable to unauthenticated attackers. T…
  • Starlette vulnerability exposes millions of AI agents to hackers — Cryptobriefing · 2026-05-26
    A critical flaw in the open-source framework underpinning FastAPI and countless Python services puts AI-driven crypto tools at risk. A critical vulnerability in Starlette, the open-source Python frame…
  • Starlette Security Vulnerabilities: Implications for AI and Crypto Investment — Valuethemarkets · 2026-05-26
    Starlette's vulnerabilities threaten AI and crypto tools, risking unauthorized transactions and data corruption. The recent vulnerabilities found in Starlette, a widely used open-source Python framewo…

Timeline

  • 2024-10-15 — CVE-2024-47874 published: A denial-of-service vulnerability in Starlette affects all versions before 0.40.0.
  • 2025-10-28 — CVE-2025-62727 published: Another vulnerability disclosed in Starlette, enabling ReDoS attacks through crafted Range headers.
  • 2026-05-26 — CVE-2026-48710 published: The 'BadHost' vulnerability allows attackers to bypass authentication on Starlette applications.
  • Recent — Patches released for vulnerabilities: Patches for CVE-2024-47874, CVE-2025-62727, and CVE-2026-48710 are available, urging updates.

CVEs

  • CVE-2024-47874
  • CVE-2025-62727
  • CVE-2026-48710

Related entities

  • Data Breach (Attack Type)
  • DDoS (Attack Type)
  • Denial-of-Service (Attack Type)
  • CWE-287 - Improper Authentication (Cwe)
  • badhost.org (Domain)
  • T1190 - Exploit Public-Facing Application (Mitre Attack)
  • FastAPI (Tool)
  • Python (Tool)
  • Starlette (Platform)
  • BadHost (Vulnerability)
  • ReDoS (Vulnerability)