{"vulnerability": "CVE-2026-48710", "sightings": [{"uuid": "3bf4f494-b487-46e4-b5b5-4b6c05e40d85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mmrmskrz6k2p", "content": "\ud83d\udea8 A serious security flaw called \"BadHost\" (CVE-2026-48710) was just disclosed. It affects FastAPI, vLLM, LiteLLM, and most apps built on Starlette.\nRead Details- www.cyberkendra.com/2026/05/badh...\nPass this on to your dev team if they ship Python APIs. \ud83d\ude4f", "creation_timestamp": "2026-05-26T18:30:45.875104Z"}, {"uuid": "d7a4b95d-1b2d-48bc-97c9-899c15c005e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/dragostech.bsky.social/post/3mmqixgpa4s2n", "content": "\ud83d\udea8 CVE-2026-48710(\"BadHost\"): one character in a Host header bypasses path-based authorization across most of the Python AI stack.\n\nLives in Starlette, reaches FastAPI and through it: vLLM (where it was discovered), LiteLLM, TGI, MCP servers, agent harnesses, eval dashboards.\n\ncc @marver.bsky.social", "creation_timestamp": "2026-05-26T07:49:13.496189Z"}, {"uuid": "41660d10-950b-43bf-bddf-542e7a697136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/dragostech.bsky.social/post/3mmqjd6idtk2n", "content": "\ud83d\udea8CVE-2026-48710(\"BadHost\"): one character in a Host header bypasses path-based authorization across most of the Python AI stack.\n\nLives in Starlette, reaches FastAPI and through it: vLLM (where it was discovered), LiteLLM, TGI, MCP servers, agent harnesses, eval dashboards.\ncc \n@marver.bsky.social", "creation_timestamp": "2026-05-26T07:55:47.138306Z"}, {"uuid": "6ae6c23f-8a61-4073-bd31-943c9f8526ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmsdhpsf2h2v", "content": "CVE-2026-48710 - Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks\nCVE ID : CVE-2026-48710\n \n Published : May 26, 2026, 10:16 p.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : Starlette is a lightweight ASGI framewor...", "creation_timestamp": "2026-05-27T01:16:10.898407Z"}, {"uuid": "d47876d7-5c62-40b7-9273-54680c700165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/aidoo-noticias.bsky.social/post/3mmrsan63on2z", "content": "Alerta: BadHost (CVE-2026-48710) en Starlette permite eludir autorizaci\u00f3n por rutas con 1 car\u00e1cter en Host; impacta FastAPI, vLLM, LiteLLM y servidores ASGI/MCP. Actualiza a 1.0.1. #Ciberseguridad #Python", "creation_timestamp": "2026-05-26T20:08:00.536479Z"}, {"uuid": "e9aaad77-84cf-4200-92e1-b99d4caf0bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mmsxhp2mdy2s", "content": "BadHost \u2013 CVE-2026-48710 Starlette Host-Header Auth Bypass\n\nDiscussion", "creation_timestamp": "2026-05-27T07:14:05.666266Z"}, {"uuid": "6071d501-cc13-4d8e-b6d9-d22e79119a84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/humanghostemoji.bsky.social/post/3mmrvt6536k2a", "content": "Millions of AI agents are exposed due to the \u201cBadHost\u201d vulnerability (CVE-2026-48710) in Starlette, used by FastAPI and vLLM. Versions prior to 1.0.1 allow trivial HTTP Host header exploits.\narstechnica.com/information-...", "creation_timestamp": "2026-05-26T21:12:04.800829Z"}, {"uuid": "58252923-febb-418f-8929-01816e7bb915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/aibearnews.bsky.social/post/3mmrvomkxuy2q", "content": "\ud83d\udea8 Una falla critica mette a rischio milioni di AI agenti\n\nCVE-2026-48710 colpisce Starlette, base di FastAPI (325M download a settimana).\nUn carattere ruba credenziali da MCP e LiteLLM.\nAggiorna a Starlette 1.0.1\n\nFonte: arstechnica.com\n\nSegui\n\n#IA #Cybersecurity\n \ud83d\udd12 \ud83d\udc0d \ud83d\udce2", "creation_timestamp": "2026-05-26T21:09:30.088880Z"}, {"uuid": "0d47d335-77f9-4c33-b3d3-2ec797c20a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/agentwyre.ai/post/3mmryxw33pt2s", "content": "\ud83d\udd34 BadHost in Starlette puts FastAPI, vLLM, LiteLLM, and MCP servers at risk of auth bypass\n\nA newly disclosed Starlette flaw, CVE-2026-48710,...\n\nhttps://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/\n\n#AI #AgentWyre", "creation_timestamp": "2026-05-26T22:08:23.293861Z"}, {"uuid": "93cb26e4-4e87-4dac-a869-bd7a876bd8c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3mmsyfqgnsk2q", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\n\nhttps://badhost.org/", "creation_timestamp": "2026-05-27T07:30:52.960021Z"}, {"uuid": "a54caa28-90ef-473f-81e0-07d5987c8a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3mmsywah7tl27", "content": "CVE-2026-48710 Starlette Host-Header Auth Bypass https://lobste.rs/s/cmsgwo #python #web ", "creation_timestamp": "2026-05-27T07:40:07.266716Z"}, {"uuid": "5f5935bb-8432-4e4d-9d78-f1290d3c9aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmshngckkv2m", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-45584: 65 interactions\nCVE-2026-46727: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-48710: 11 interactions\nCVE-2026-28952: 3 interactions\nCVE-2026-45659: 3 interactions\n", "creation_timestamp": "2026-05-27T02:30:57.994377Z"}, {"uuid": "763403af-cd8c-41c9-842c-4e59a827ee34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mmsxlcnily2g", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\nDiscussion | hackernews | Author: ylk", "creation_timestamp": "2026-05-27T07:16:06.406343Z"}, {"uuid": "348ba34f-ccc8-4ece-ab2d-e9ac6b677633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mmsxmzlf6k2t", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\ncomments \u00b7 posted on 2026.05.26 at 05:07:18 (c=3, p=14)", "creation_timestamp": "2026-05-27T07:17:04.210724Z"}, {"uuid": "aecfc032-5a64-4ba6-8d1e-48a55742bfa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://t.me/xakep_ru/19433", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c BadHost \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Starlette \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u0433\u0440\u043e\u0437\u0443 \u0434\u043b\u044f \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u043e\u0432\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-48710, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043e\u043f\u0435\u043d\u0441\u043e\u0440\u0441\u043d\u043e\u043c Python-\u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Starlette \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 BadHost. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 Starlette \u043b\u0435\u0436\u0438\u0442 \u0432 \u043e\u0441\u043d\u043e\u0432\u0435 FastAPI \u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0418\u0418-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0440\u0438\u0441\u043a\u0438 \u0434\u043b\u044f \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0438 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u043e\u0432, \u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0431\u0430\u0433\u0430 \u0441\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u043a \u043e\u0434\u043d\u043e\u043c\u0443 \u0441\u0438\u043c\u0432\u043e\u043b\u0443 \u0432 HTTP-\u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0435 Host.\n\nhttps://xakep.ru/2026/05/27/badhost/", "creation_timestamp": "2026-05-27T08:36:11.000000Z"}, {"uuid": "2344bb84-82be-4ec3-a35e-e8c5028b4726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mmtb4khfno23", "content": "\ud83d\udd12 Millions of AI agents imperiled by critical vulnerability in open source package\n\nA critical vulnerability, named \"BadHost\" (CVE-2026-48710), has been discovered in the Starlette ...\n\nhttps://tinyurl.com/32dpwrys #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-27T10:06:48.179922Z"}, {"uuid": "ca12435c-450b-4bbb-a0d0-849db7558a18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hackernewstop5.bsky.social/post/3mmt2wi4qcz24", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\n\n#HackerNews\n\nhttps://badhost.org/", "creation_timestamp": "2026-05-27T08:16:03.467871Z"}, {"uuid": "719ada30-c8b1-42b8-87fd-1e2f961ffd64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mmt35nop3s2y", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass | Discussion", "creation_timestamp": "2026-05-27T08:20:02.966960Z"}, {"uuid": "f5357133-fca7-4be6-bdb1-eed368e470ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/humanghostemoji.bsky.social/post/3mmt43k6gjs23", "content": "Millions of AI agents are exposed due to the \u201cBadHost\u201d vulnerability (CVE-2026-48710) in Starlette, used by FastAPI and vLLM. Versions prior to 1.0.1 allow trivial HTTP Host header exploits.\narstechnica.com/information-...", "creation_timestamp": "2026-05-27T08:36:46.102230Z"}, {"uuid": "41603efb-a674-461d-8aa8-89ce7f4010fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mmt5jetana2a", "content": "CVE-2026-48710 in Starlette enables HTTP Host header manipulation to bypass access controls, risking internal server exposure and credential access for AI agents.\n", "creation_timestamp": "2026-05-27T09:02:25.137022Z"}, {"uuid": "382d9562-bba2-44c6-b7cf-805b8329e1ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mmt5zygnj22b", "content": "Critical Security Alert BadHost Authentication Bypass Vulnerability CVE-2026-48710 Found in Starlette Framework Impacting AI Infrastructure #appsec", "creation_timestamp": "2026-05-27T09:11:41.286947Z"}, {"uuid": "b15b679d-ba2a-49ea-8d06-26fff9b332f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mmtbfxg2bb2t", "content": "\ud83d\udd12 Millions of BO agents imperiled by critical vulnerability in open source package\n\nA critical vulnerability, named \"BadHost\" (CVE-2026-48710), has been discovered in the Starlette ...\n\nhttps://tinyurl.com/32dpwrys #PotatoSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-27T10:12:05.200701Z"}, {"uuid": "5626dfeb-85cb-42ab-9834-0f602b1f9d13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mmtloq3ryd2g", "content": "A new critical vulnerability, BadHost (CVE-2026-48710), in the Starlette web framework allows authentication bypass through Host header manipulation. This isn't just a theoretical flaw; it poses a significant risk to AI systems\u2026\n\nhttps://www.tpp.blog/1mchjk7\n\n#cybersecurity #starlette #cve202648710", "creation_timestamp": "2026-05-27T13:15:55.974455Z"}, {"uuid": "a8187bc4-8721-4990-b8d1-d362be416ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmtjlxivf52g", "content": "BadHost\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001AI\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u30b5\u30fc\u30d0\u30fc\u306e\u6a5f\u5bc6\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u304c\u653b\u6483\u8005\u306b\u9732\u51fa\n\nStarlette\u30a6\u30a7\u30d6\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u306b\u300cBadHost\u300d\uff08CVE-2026-48710\uff09\u3068\u547c\u3070\u308c\u308b\u91cd\u5927\u306a\u8106\u5f31\u6027\u304c\u767a\u898b\u3055\u308c\u3001\u6570\u5343\u3082\u306eAI\u642d\u8f09\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304a\u3088\u3073API\u30b5\u30fc\u30d3\u30b9\u304c\u653b\u6483\u3092\u53d7\u3051\u308b\u53ef\u80fd\u6027\u306b\u3055\u3089\u3055\u308c\u3066\u3044\u307e\u3059\u3002 \u3053\u306e\u6b20\u9665\u306f\u3001OSTIF\u304c\u652f\u63f4\u3059\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u76e3\u67fb\u306b\u304a\u3044\u3066X41 D-Sec\u306b\u3088\u3063\u3066\u767a\u898b\u3055\u308c\u305f\u3082\u306e\u3067\u3001", "creation_timestamp": "2026-05-27T12:38:35.201109Z"}, {"uuid": "2ab5ac80-bd6b-4910-91e1-ffb4e491dd73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://t.me/true_secator/8247", "content": "\u0412 \u043c\u0430\u043b\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u043e\u0433\u043e \u041f\u041e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u0432\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0434\u043b\u044f \u0418\u0418, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0443\u0441\u043b\u043e\u0432\u043d\u043e\u0435 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 BadHost (\u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-48710), \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f Starlette, \u043b\u0435\u0433\u043a\u043e\u0432\u0435\u0441\u043d\u044b\u0439 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a \u043d\u0430 Python \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0445 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432.\n\n\u041f\u0440\u043e\u0449\u0435 \u0433\u043e\u0432\u043e\u0440\u044f, \u044d\u0442\u0430 \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u00ab\u043e\u0431\u043c\u0430\u043d\u0443\u0442\u044c\u00bb \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u044f \u0438\u0445 \u043a \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u043c\u0443 URL-\u0430\u0434\u0440\u0435\u0441\u0443 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044e\u0442\u0441\u044f \u043a \u0447\u0430\u0441\u0442\u043d\u044b\u043c \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c, \u043e\u0442\u043a\u0443\u0434\u0430 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438\u043b\u0438 \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439.\n\n\u041d\u0435\u043c\u0435\u0446\u043a\u0430\u044f X41 D-Sec \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e\u0431 \u043d\u0435\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0443, \u0442\u0430\u043a\u0436\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u0432 \u043f\u043e\u043b\u043d\u044b\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437.\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u0430\u043a: \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u043b\u0435\u0433\u043a\u043e \u0441\u043e\u0431\u0440\u0430\u0442\u044c, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u043d\u0430\u044e\u0442, \u043a \u043a\u0430\u043a\u0438\u043c \u0447\u0430\u0441\u0442\u044f\u043c \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e API \u043e\u043d\u0438 \u0445\u043e\u0442\u044f\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c\u0441\u044f: GET\u00a0/privateendpoint HTTP/1.1 \u0438 Host:\u00a0example.com/public?bar=.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 Starlette \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435, \u043d\u043e \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0418\u0418, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u0430 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u0430.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a Starlette \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0430\u0436\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c \u0442\u0430\u043a\u0438\u0445 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432, \u043a\u0430\u043a LiteLLM, vLLM, \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0434\u043b\u044f \u0418\u0418, \u0441\u0435\u0440\u0432\u0435\u0440\u044b MCP \u0438 \u0434\u0430\u0436\u0435 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0438 \u0434\u043b\u044f \u0430\u0433\u0435\u043d\u0442\u043e\u0432 \u0418\u0418.\n\nX41 D-Sec \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0438\u0441\u0442\u0435\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0418\u0418 \u043a \u0430\u0442\u0430\u043a\u0430\u043c \u0442\u0438\u043f\u0430 BadHost.", "creation_timestamp": "2026-05-27T11:18:38.000000Z"}, {"uuid": "0282b691-124b-4036-ac8d-07a26e3b05d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3mmtm5bwv5y2q", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass (badhost.org)\n\nDiscussion | Main Link", "creation_timestamp": "2026-05-27T13:24:06.449710Z"}, {"uuid": "828bf23e-80b8-4a49-ad41-136a025bedf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3mmtrk6jds322", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\nhttps://badhost.org/\n\nhttps://news.ycombinator.com/item?id=48277107", "creation_timestamp": "2026-05-27T15:00:45.414936Z"}, {"uuid": "6f5d2984-d051-4c4e-9b6e-c140fb1f1fea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/aiweekly.bsky.social/post/3mmtrrtn4r72y", "content": "\ud83d\udea8 2 AI alerts:\n\u2192 BNP Paribas Works With Mistral AI to Build European Cybersecurity Defense\u2026\n\u2192 CVE-2026-48710 'BadHost': Critical Starlette Auth-Bypass Imperils Millions of\u2026\n\nhttps://aiweekly.co/ai-news-today?utm_source=bluesky", "creation_timestamp": "2026-05-27T15:05:04.898492Z"}, {"uuid": "d64b5359-3739-4f9b-b96d-826682d62070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mmttla2wfj2u", "content": "A critical vulnerability, tracked as CVE-2026-48710 and named BadHost, affects Starlette, an open-source framework with 325 million weekly downloads. This flaw allows attackers to exploit servers running AI agents, compromising sensitive data and credentials. Affected versions are prior to 1.0.", "creation_timestamp": "2026-05-27T15:37:09.201648Z"}, {"uuid": "16405ebc-482f-462b-aff8-df2c2f03b4ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/LLMs.activitypub.awakari.com.ap.brid.gy/post/3mmty7qy5kqh2", "content": "Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints A newly disclosed critical vulnerability, tracked as CVE-2026-48710 and dubbed \u201cBadHost,\u201d is putting thousands of AI-...\n\n#AI #Cyber #Security #News #Vulnerability #cyber [\u2026] \n\n[Original post on cybersecuritynews.com]", "creation_timestamp": "2026-05-27T17:00:43.626114Z"}, {"uuid": "500b4652-6a54-4b25-b563-d498b0abecfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmuy3mednn24", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-46333: 18 interactions\nCVE-2026-69: 18 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-48095: 11 interactions\nCVE-2026-48710: 4 interactions\nCVE-2026-1933: 3 interactions\n", "creation_timestamp": "2026-05-28T02:30:33.020696Z"}, {"uuid": "48d9851b-7280-4409-9a93-9b935d908068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "Telegram/XPzjER_VXnqDaL0x3el2A57nJCguhK8qowmsl0HK-KFshHo", "content": "", "creation_timestamp": "2026-05-27T21:09:44.000000Z"}, {"uuid": "4ffeca87-e3af-4048-8da5-7630cbce0e75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48710", "type": "seen", "source": "https://bsky.app/profile/barredspirals.comint.su/post/3mmv4k56npckp", "content": "snake cultists just can't stop winning https://www.cyberkendra.com/2026/05/badhost-cve-2026-48710-one-rogue-header.html", "creation_timestamp": "2026-05-28T03:50:17.710705Z"}, {"uuid": "c91e3dd0-c21a-4cc1-a543-10bd249af774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hackmag.com/post/3mmvagyksh22s", "content": "\ud83d\udfe2 BadHost vulnerability in the Starlette framework poses a threat to AI agents\n\n\ud83d\udde8\ufe0f Researchers are warning about a critical vulnerability, CVE-2026-48710, discovered in the open-source Starlette framewor\u2026\n\n#news", "creation_timestamp": "2026-05-28T05:00:04.988037Z"}, {"uuid": "edfcdaac-d6f9-4657-9696-7f4fab19eb46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://t.me/GithubRedTeam/86224", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a BadHost-CVE-2026-48710-Exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Bhanunamikaze\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-28 09:59:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-28T10:00:04.000000Z"}]}