
230 matches found

Fedora
added 14 hours ago, 7 views

[SECURITY] Fedora 44 Update: python-starlette-0.52.1-2.fc44

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2

Nuclei
added 15 hours ago, 5 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

CVSS 8.8, AI score 6.7, EPSS 0.04116
Exploits: 3, References: 4

Nuclei
added 15 hours ago, 5 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

CVSS 6.5, AI score 5.4, EPSS 0.00353
Exploits: 2, References: 2

Github Security Blog
added yesterday, 7 views

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary: In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

CVSS 6.5, AI score 5.9, EPSS 0.00353
Exploits: 2, References: 9, Affected Software: 1

EUVD
added yesterday, 9 views

EUVD-2026-32016

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2, References: 8

OSV
added yesterday, 3 views

GHSA-86QP-5C8J-P5MR Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary: In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

CVSS 6.5, AI score 5.9, EPSS 0.00353
Exploits: 2, References: 9

OSV
added 2 days ago, 8 views

ROOT-APP-PYPI-CVE-2025-62727 CVE-2025-62727 in rootio-starlette - Patched by Root

Root has patched CVE-2025-62727 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5, AI score 5.4, EPSS 0.00068
Exploits: 0

OSV
added 2 days ago, 7 views

ROOT-APP-PYPI-CVE-2026-48710 CVE-2026-48710 in rootio-starlette - Patched by Root

Root has patched CVE-2026-48710 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2

OSV
added 2 days ago, 6 views

ROOT-APP-PYPI-CVE-2025-54121 CVE-2025-54121 in rootio-starlette - Patched by Root

Root has patched CVE-2025-54121 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

CVSS 5.3, AI score 7.5, EPSS 0.0025
Exploits: 0

OSV
added 2 days ago, 2 views

ROOT-APP-PYPI-CVE-2024-47874 CVE-2024-47874 in rootio-starlette - Patched by Root

Root has patched CVE-2024-47874 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

AI score 5.4, EPSS 0.00125
Exploits: 0

OSV
added 2 days ago, 0 views

ROOT-APP-PYPI-CVE-2023-30798 CVE-2023-30798 in rootio-starlette - Patched by Root

Root has patched CVE-2023-30798 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5, AI score 5.4, EPSS 0.0196
Exploits: 0

EUVD
added 3 days ago, 6 views

EUVD-2026-33965

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

CVSS 5.3, AI score 5.8, EPSS 0.00182
Exploits: 0, References: 2

NCSC
added last week, 11 views

The vulnerability was concealed in Starlette

There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2, References: 2

GithubExploit
added 2026/05/28 9:57 a.m., 61 views

Exploit for CVE-2026-48710

BadHost — CVE-2026-48710 Scanner: Detection-only scanner for t...

CVSS 6.5, AI score 6, EPSS 0.00353
Exploits: 2

Tenable Nessus
added 2026/05/28 12:0 a.m., 9 views

Debian dsa-6302 : python3-starlette - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6302 advisory. Debian Security Advisory DSA-6302-1 [email protected]...

CVSS 8.7, AI score 6.7, EPSS 0.01591
Exploits: 3, References: 11

RedhatCVE
added 2026/05/27 10:57 p.m., 8 views

CVE-2026-48710

A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2, References: 10

Debian
added 2026/05/27 9:1 p.m., 14 views

[SECURITY] [DSA 6302-1] starlette security update

Debian Security Advisory DSA-6302-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq ...

CVSS 8.7, AI score 6.6, EPSS 0.01591
Exploits: 3

Snyk
added 2026/05/27 12:47 a.m., 10 views

HTTP Request Smuggling

Overview: starlette is the little ASGI library that shines. Affected versions of this package are vulnerable to HTTP Request Smuggling via the request.url reconstruction process. An attacker can bypass path-based security checks by supplying a malformed Host header that causes request.url.path t...

CVSS 6.9, AI score 5.8, EPSS 0.00353
Exploits: 2, References: 2

NVD
added 2026/05/26 10:16 p.m., 12 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

CVSS 6.5, EPSS 0.00353
Exploits: 2, References: 7

OSV
added 2026/05/26 10:16 p.m., 5 views

UBUNTU-CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

CVSS 6.5, AI score 5.8, EPSS 0.00353
Exploits: 2, References: 6