A critical vulnerability, tracked as CVE-2026-48710 and named BadHost, has been identified in Starlette, an open-source framework widely used in AI applications. This flaw allows attackers to exploit servers by injecting malicious data into the HTTP Host header, thus bypassing authorization in applications built on Starlette, which forms the backbone of popular frameworks such as FastAPI. With over 325 million downloads weekly, the vulnerability impacts numerous other open-source projects.
Researchers warn that it can lead to unauthorized access to sensitive data across various sectors, including email management, identity verification, and personal health information. Users of affected applications are advised to run a vulnerability scan and update to Starlette version 1.0.1 or later to mitigate potential risks.
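One way to act on the upgrade advice, as an added example that is not code from the Starlette project or the researchers: a small Python audit that flags exact `starlette==` pins and the locally installed package when they sort before 1.0.1. The requirement lines in `SAMPLE` are constructed, the function names are hypothetical, and range specifiers such as `>=` are not evaluated.

```python
import re
from importlib import metadata

FIXED = (1, 0, 1)  # first fixed Starlette release, as stated in the text above
PIN = re.compile(r"^\s*starlette\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)", re.I)

# Constructed sample lines (not taken from any real project's lock file).
SAMPLE = """\
fastapi==0.115.0
starlette==0.41.3
starlette[full]==1.0.1rc1
uvicorn==0.30.0
"""

def parse_version(text):
    """Return (release_tuple, is_prerelease) for a PEP 440-style version."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad "1.1" to (1, 1, 0)
    is_pre = bool(re.match(r"[-_.]?(a|b|rc|alpha|beta|dev|pre)", m.group(2), re.I))
    return release, is_pre

def is_vulnerable(version):
    """True when the version sorts before 1.0.1; 1.0.1 pre-releases count."""
    release, is_pre = parse_version(version)
    return release < FIXED or (release == FIXED and is_pre)

def audit_requirements(text):
    """Return [(line_number, version)] for exact starlette pins below 1.0.1."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if m and is_vulnerable(m.group(1)):
            findings.append((n, m.group(1)))
    return findings

def audit_installed():
    """Return the installed Starlette version if it is below 1.0.1, else None."""
    try:
        version = metadata.version("starlette")
    except metadata.PackageNotFoundError:
        return None  # Starlette is not installed in this environment
    return version if is_vulnerable(version) else None

if __name__ == "__main__":
    print("vulnerable pins:", audit_requirements(SAMPLE))
    print("vulnerable install:", audit_installed())
```

Run it inside each deployed virtual environment or container image, since FastAPI and similar frameworks pull Starlette in as a transitive dependency that may not appear in a top-level requirements file.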