BadHost (CVE-2026-48710): Host-Header Auth Bypass in Starlette Exposes vLLM, LiteLLM, and MCP Servers
CVE-2026-48710 'BadHost' is a critical authentication-bypass vulnerability in Starlette (all versions before 1.0.1) that allows unauthenticated attackers to access restricted endpoints by injecting /, ?, or # characters into the HTTP Host header, shifting path-parsing boundaries. The blast radius covers vLLM, LiteLLM, thousands of MCP server deployments, and FastAPI-based AI agent backends. Fix: upgrade Starlette to >= 1.0.1.
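Upgrading Starlette is the fix; the block below is an added defense-in-depth example (not Starlette's own code or patch) showing a hypothetical pure-ASGI middleware, StrictHostMiddleware, that rejects any Host header that is not a plain host[:port] value before routing or authentication middleware sees the request. The sample hosts are constructed.

```python
import asyncio
import re

# Strict host[:port] grammar: DNS name, IPv4 literal, or bracketed IPv6 literal,
# optionally followed by a port. '/', '?', and '#' (the characters CVE-2026-48710
# uses to shift path-parsing boundaries) never match, so such values are rejected.
_HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?"
    r"|\[[0-9A-Fa-f:.]+\])"
    r"(?::[0-9]{1,5})?$"
)


def host_is_well_formed(host: str) -> bool:
    """True only if `host` is a plain host[:port] value with no path/query/fragment chars."""
    return bool(_HOST_RE.fullmatch(host))


class StrictHostMiddleware:
    """Hypothetical ASGI middleware: answer 400 to requests with a malformed Host header."""

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            # ASGI header names are lowercase bytes; take the first Host value.
            host = next((v.decode("latin-1") for k, v in scope.get("headers", []) if k == b"host"), "")
            if not host_is_well_formed(host):
                await send({"type": "http.response.start", "status": 400,
                            "headers": [(b"content-type", b"text/plain")]})
                await send({"type": "http.response.body", "body": b"Bad Host header"})
                return  # never reach routing or auth with a tampered Host
        await self.app(scope, receive, send)


async def _protected_app(scope, receive, send):
    """Stand-in for the real app; only reached when the Host header passed the check."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def status_for_host(host: str) -> int:
    """Drive the middleware with a constructed ASGI scope and return the HTTP status."""
    sent = []

    async def send(msg):
        sent.append(msg)

    async def receive():
        return {"type": "http.request", "body": b""}

    scope = {"type": "http", "method": "GET", "path": "/admin",
             "headers": [(b"host", host.encode("latin-1"))]}
    asyncio.run(StrictHostMiddleware(_protected_app)(scope, receive, send))
    return sent[0]["status"]
```

Install it outermost so it runs before any auth middleware; it is a detection-and-reject layer, not a substitute for Starlette >= 1.0.1.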
Why it matters
The first widely publicized critical CVE specifically targeting AI agent infrastructure; a single-header manipulation can expose LLM API keys, internal agent tooling, and GPU compute resources to unauthenticated attackers.
Importance: 4/5
Critical CVE affecting widely deployed AI infrastructure (vLLM, MCP); multiple independent security media confirmations and a dedicated disclosure site.