https://cybercrime.club/tags/starlette/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usThu, 28 May 2026 23:08:54 -0400https://cybercrime.club/posts/starlette-cve-2026-48710-badhost-host-header-auth-bypass/Thu, 28 May 2026 23:08:54 -0400https://cybercrime.club/posts/starlette-cve-2026-48710-badhost-host-header-auth-bypass/BadHost (CVE-2026-48710) is a Host-header authentication bypass in Starlette before 1.0.1. One malformed header makes request.url.path lie to your middleware — unlocking protected routes on FastAPI, vLLM, LiteLLM, and MCP servers without credentials.vulnerabilities