Host Header Validation Bypass in Starlette <1.0.1 Leading to Routing Bypass
CVE-2026-48710 Published on May 26, 2026

Starlette lacks Host header validation, which lets a crafted Host value poison request.url.path and bypass path-based security checks
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm matches on the raw HTTP path (`scope["path"]`) while `request.url` is rebuilt by inserting the `Host` header into the authority part of the URL, a `Host` value containing characters such as `/`, `?` or `#` shifts the URL's component boundaries and makes `request.url.path` differ from the path that was actually routed. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) can therefore be made to see a benign-looking path while the router dispatches the request to the restricted one. Users should upgrade to version 1.0.1 or later, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.
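The following Python is an added illustration of the pattern described above; it is not Starlette's own code and does not import it. It models the two ways of rebuilding the URL (raw `Host` pasted into the authority slot, versus a grammar check with fallback to `scope["server"]`) and a path-based authorization gate written against the rebuilt URL versus against `scope["path"]`. The ASGI scopes, the `Host` values and the names `build_url`, `admin_gate`, `make_scope` and `app.internal` are all constructed for the example; the host regex is a simplification of the RFC 3986 grammar (IP-literal reduced to IPv6), not the exact check shipped in 1.0.1.

```python
"""Model of the CVE-2026-48710 pattern (added example, not Starlette code).

request.url is rebuilt by pasting the raw Host header into the authority
slot of "scheme://host/path", so a Host containing "/", "?" or "#" shifts
the URL boundaries and url.path stops matching scope["path"], which is the
value the router actually dispatched on.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# RFC 3986 s3.2.2: host = IP-literal / IPv4address / reg-name; RFC 9112 s3.2
# allows an optional ":" port.  reg-name permits only unreserved, pct-encoded
# and sub-delims characters, so "/", "?", "#", "@" and whitespace are rejected.
# Assumption: IP-literal is reduced to IPv6 (IPvFuture omitted).
_HOST_RE = re.compile(
    r"^(?:\[[0-9A-Fa-f:.]+\]"
    r"|(?:[A-Za-z0-9\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})*)"
    r"(?::[0-9]*)?$"
)


def host_is_valid(host: str) -> bool:
    """True if host matches the RFC 3986/9112 host[:port] grammar above."""
    return _HOST_RE.match(host) is not None


def _host_header(scope: dict) -> Optional[str]:
    for name, value in scope["headers"]:
        if name == b"host":
            return value.decode("latin-1")
    return None


def _host_from_server(scope: dict) -> Optional[str]:
    """Authority derived from the ASGI server address (the fallback)."""
    server = scope.get("server")
    if server is None:
        return None
    host, port = server
    default = 443 if scope.get("scheme") == "https" else 80
    return host if port in (None, default) else f"{host}:{port}"


def build_url(scope: dict, validate_host: bool) -> str:
    """Rebuild the request URL from an ASGI scope.

    validate_host=False models the pre-1.0.1 behaviour (Host used verbatim);
    validate_host=True models the fix (grammar check, fallback to scope["server"]).
    """
    host = _host_header(scope)
    if host is None or (validate_host and not host_is_valid(host)):
        host = _host_from_server(scope)
    path = scope["path"]
    url = f"{scope.get('scheme', 'http')}://{host}{path}" if host is not None else path
    query = scope.get("query_string", b"")
    if query:
        url += "?" + query.decode("latin-1")
    return url


def make_scope(path: str, host: str) -> dict:
    """Constructed ASGI HTTP scope for a request to `path` carrying `Host: host`."""
    return {
        "type": "http",
        "scheme": "http",
        "server": ("app.internal", 8000),  # hypothetical listener
        "path": path,
        "query_string": b"",
        "headers": [(b"host", host.encode("latin-1"))],
    }


def admin_gate(scope: dict, validate_host: bool, use_scope_path: bool) -> str:
    """Path-based authorization gate: anything under /admin needs a login.

    The risky form reads the path from the rebuilt URL (request.url.path);
    the robust form reads scope["path"], the value the router matched on.
    """
    if use_scope_path:
        path = scope["path"]
    else:
        path = urlsplit(build_url(scope, validate_host)).path
    return "deny: login required" if path.startswith("/admin") else "allow"


if __name__ == "__main__":
    # The attacker requests /admin/users but sends a Host that carries a
    # benign-looking path and a "?" so the real path lands in the query part.
    evil = make_scope("/admin/users", "example.com/public?")
    print(build_url(evil, validate_host=False))  # http://example.com/public?/admin/users
    print(admin_gate(evil, validate_host=False, use_scope_path=False))  # allow (bypass)
    print(admin_gate(evil, validate_host=True, use_scope_path=False))   # deny: login required
    print(admin_gate(evil, validate_host=False, use_scope_path=True))   # deny: login required
```

Two things a practitioner should take from this. First, path-based authorization in middleware should be keyed on `request.scope["path"]` (the value the router dispatches on), which makes the check immune to this class of bug even on unpatched versions. Second, a reverse proxy that enforces a strict `Host` allow-list in front of the application closes the same hole, but it is a mitigation rather than a fix: any client that can reach the ASGI server directly still controls the header.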


Vulnerability Analysis

CVE-2026-48710 is exploitable over the network and requires neither privileges nor user interaction; attack complexity is low. A successful exploit has a low impact on confidentiality and integrity and no impact on availability. These metrics correspond to the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, a base score of 6.5 (Medium).

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Weakness Types

What is an HTTP Request Smuggling Vulnerability?

When malformed or abnormal HTTP requests are interpreted by two or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing an attacker to "smuggle" a request to one device without the other device being aware of it.

CVE-2026-48710 has been classified as an HTTP Request Smuggling weakness (CWE-444, Inconsistent Interpretation of HTTP Requests). Here the two inconsistent interpreters are not a proxy and a backend but two parts of the same application: Starlette's router, which matches on the raw request path, and `request.url`, which is rebuilt from the unvalidated `Host` header and can present a different path to security middleware.

Improper Validation of Unsafe Equivalence in Input (CWE-1289)

The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate, or incorrectly validates, that the input is equivalent to a potentially unsafe value. In this CVE the `Host` header value is incorporated into a resource identifier (the reconstructed request URL) without being checked against the host grammar, so values that are not valid hosts are treated as if they were.


Products Associated with CVE-2026-48710


Affected Versions

Kludex starlette (versions prior to 1.0.1, per the description above)
Red Hat ai-inference-server-3
Red Hat ansible_automation_platform-2
Red Hat mta-8
Red Hat exploit-intelligence
Red Hat ols-1
Red Hat openshift-ai
Red Hat rhel-ai-3
Red Hat openshift-hosted-osd4
Red Hat rhn_satellite_6
Red Hat rhel-cla-0
Red Hat services-ansible-lightspeed-chatbot
Red Hat services-ansible-nexus
Red Hat services-inventory
Red Hat services-management-platform
Red Hat services-digital-roadmap
Red Hat services-ansible-on-clouds
Red Hat services-rhel-lightspeed
Red Hat services-lightspeed-agent-google-cloud
Red Hat services-vulnerability-engine

Exploit Probability

EPSS
1.00%
Percentile
58.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.