3 matches found
CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...
Linux Distros Unpatched Vulnerability : CVE-2025-54121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1...
PT-2023-9597 · Starlette +2
Name of the Vulnerable Software and Affected Versions: Starlette versions 0.13.5 through 0.27.0. Description: The issue is related to a directory traversal vulnerability in Starlette, which allows a remote unauthenticated attacker to view files in a web service built using Starlette. This is due t...