Millions of AI agents imperiled by critical vulnerability in open source package
Summary
A serious security flaw was found in Starlette, a widely used open source framework for building Python apps. This flaw can let hackers break into servers running AI tools and steal sensitive data such as user information and account credentials.
Key Facts
- Starlette is used by many projects, including FastAPI, and is downloaded 325 million times weekly.
- The flaw is called BadHost (CVE-2026-48710) and affects Starlette versions before 1.0.1.
- Hackers can exploit this flaw by sending a single wrong character in the HTTP Host header.
- This allows them to bypass security checks and access protected data and systems.
- Systems affected include AI services that handle emails, calendars, identity verification, healthcare data, and more.
- The vulnerability can also lead to further attacks like server-side request forgery and remote code execution.
- The security risk is high, with some experts calling it critical, and an online scanner is available to check if servers are vulnerable.
- Fixes have been released, and users are urged to update Starlette to version 1.0.1 or later.
This is a fact-based summary from The Actual News; the complete story is available from the original source.