Starlette Vulnerability Exposes Millions of AI Agents to Attackers
Severity: High (Score: 72.0)
Sources: Kucoin, Cryptobriefing
Summary
A critical vulnerability in Starlette, an open-source Python framework, has left millions of AI agents vulnerable to unauthenticated attacks. Tracked as CVE-2026-48710 and known as 'BadHost', this flaw allows attackers to bypass authentication by manipulating the HTTP Host header. Starlette, which receives 325 million downloads weekly, serves as the foundation for FastAPI and numerous other Python projects. The vulnerability affects all versions prior to 1.0.1, and patches have been released. The implications extend to various AI applications, including those for machine learning and large language models. This vulnerability follows previous issues in Starlette, including CVE-2024-47874 and CVE-2025-62727, which also posed significant risks. Security teams are urged to update their dependencies to mitigate potential exploitation. The growing number of security issues in AI frameworks highlights the urgent need for robust security practices.

Key Points:
- CVE-2026-48710, known as 'BadHost', allows unauthenticated access to AI applications.
- Starlette, with 325 million weekly downloads, is foundational for many Python projects.
- Patches are available, but many projects may lag in applying updates, increasing risk.
Detailed Analysis
**Impact**

Millions of AI agents, machine learning tools, and Python-based services are affected globally, particularly in the crypto sector where FastAPI and Starlette underpin trading bots, portfolio managers, and DeFi automation tools. The vulnerabilities expose these systems to denial-of-service attacks, authentication bypass, and memory poisoning, risking unauthorized transactions and data theft. The framework receives approximately 325 million downloads weekly, indicating a vast and diverse attack surface across industries relying on AI and asynchronous Python services.

**Technical Details**

The vulnerabilities include CVE-2024-47874 (denial-of-service via large multipart form data), CVE-2025-62727 (ReDoS via crafted Range headers in FileResponse), and CVE-2026-48710 ("BadHost" authentication bypass via unvalidated HTTP Host headers). Attackers exploit these flaws to bypass authentication, cause service disruption, and corrupt AI agent data, enabling unauthorized access and transaction manipulation. The kill chain stages impacted include initial access and execution, with no specific malware or IOCs reported.

**Recommended Response**

Immediately update Starlette to version 1.0.1 or later to address all known vulnerabilities. Audit and patch all downstream dependencies, including FastAPI, vLLM, LiteLLM, and MCP servers. Deploy monitoring for anomalous HTTP Host header usage and unauthorized access attempts. Utilize the free scanner available at badhost.org to identify vulnerable applications and prioritize remediation efforts accordingly.
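The Host-header allowlist and the monitoring for anomalous Host values that the Recommended Response calls for, shown as an added example written for this page; it is not Starlette's own code (Starlette ships a TrustedHostMiddleware with an `allowed_hosts` list for the same purpose, and upgrading remains the actual fix). The hostnames and access-log lines are constructed.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Hosts this deployment legitimately serves (constructed for the example;
# a real deployment reads these from configuration, never from the request).
ALLOWED_HOSTS = ["api.example.com", "*.internal.example.com"]

_HOST_RE = re.compile(r"^[a-z0-9.-]+$")


def normalize_host(raw: Optional[str]) -> Optional[str]:
    """Lower-case the Host value, drop an explicit port and a trailing dot.
    Returns None for anything that is not a plain hostname (userinfo '@',
    path characters, IPv6 brackets, embedded whitespace) so that such
    values are rejected outright instead of being guessed at."""
    if not raw:
        return None
    host = raw.strip().lower()
    if host.startswith("["):  # IPv6 literal: not in our allowlist form
        return None
    host = host.split(":", 1)[0].rstrip(".")
    return host if _HOST_RE.fullmatch(host) else None


def host_allowed(raw: Optional[str], allowed: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """True only if the normalized Host equals an allowlist entry or sits
    one or more labels below a '*.suffix' wildcard entry."""
    host = normalize_host(raw)
    if host is None:
        return False
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            if host.endswith(pattern[1:]):  # ".suffix" keeps the bare suffix out
                return True
        elif host == pattern:
            return True
    return False


# Constructed access-log lines (hypothetical format: method path host= status=).
SAMPLE_LOG = """GET /admin host=api.example.com status=200
GET /admin host=evil.example.net status=200
POST /agent/run host=Api.Example.COM:443 status=200
GET /admin host=attacker@api.example.com status=200
GET /health host=node3.internal.example.com status=200"""

_LOG_RE = re.compile(r"^(?P<method>\S+) (?P<path>\S+) host=(?P<host>\S+) status=(?P<status>\d+)$")


def flag_unexpected_hosts(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, host) for each request whose Host header falls outside the allowlist."""
    return [(m["path"], m["host"]) for m in map(_LOG_RE.match, lines)
            if m and not host_allowed(m["host"])]
```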
Source articles (3)
- Starlette vulnerability exposes millions of AI agents to hackers — Cryptobriefing · 2026-05-26
  A critical flaw dubbed 'BadHost' lets attackers bypass authentication on thousands of AI applications built on one of Python's most popular frameworks. A critical security flaw in one of the most wide…
- Starlette Vulnerability Exposes Millions of AI Agents to Hackers — Kucoin · 2026-05-26
  A critical security flaw in one of the most widely used Python web frameworks has left millions of AI agents, machine learning tools, and production services vulnerable to unauthenticated attackers. T…
- Starlette vulnerability exposes millions of AI agents to hackers — Cryptobriefing · 2026-05-26
  A critical flaw in the open-source framework underpinning FastAPI and countless Python services puts AI-driven crypto tools at risk. A critical vulnerability in Starlette, the open-source Python frame…
Timeline
- 2024-10-15 — CVE-2024-47874 published: A denial-of-service vulnerability in Starlette was disclosed, affecting all versions before 0.40.0.
- 2025-10-28 — CVE-2025-62727 published: A second denial-of-service vulnerability affecting Starlette was disclosed, enabling ReDoS attacks.
- 2026-05-26 — CVE-2026-48710 published: The 'BadHost' vulnerability was disclosed, allowing authentication bypass in Starlette applications.
Related entities
- Data Breach (Attack Type)
- Denial-of-Service (Attack Type)
- CWE-287 - Improper Authentication (CWE)
- badhost.org (Domain)
- T1190 - Exploit Public-Facing Application (MITRE ATT&CK)
- FastAPI (Tool)
- Python (Tool)
- Starlette (Platform)
- BadHost (Vulnerability)
- ReDoS (Vulnerability)