Host Header Validation Bypass in Starlette <1.0.1 Leading to Routing Bypass
CVE-2026-48710 Published on May 26, 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to version 1.0.1 or later, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.
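The two halves of the fix described above, as an added example written for this page rather than Starlette's own code: a `Host` validator that follows the RFC 3986 §3.2.2 host grammar (the grammar RFC 9112 §3.2 reuses) and falls back to `scope["server"]` when the header is missing or malformed, plus a path restriction that reads `scope["path"]` directly instead of a URL rebuilt from client-controlled headers. The function names, the regular expression, the `make_scope` helper and the choice to treat an absent header like a malformed one are this example's assumptions, not Starlette's API.

```python
"""Host header validation with fallback to scope["server"] (added example, not Starlette code).

Validates the Host value against the RFC 3986 §3.2.2 host grammar (reused by RFC 9112 §3.2),
then shows the two defensive points from the advisory: rebuild the URL only from a
well-formed authority, and key path-based authorization off the raw ASGI path.
"""
import re
from ipaddress import AddressValueError, IPv6Address
from typing import Optional, Tuple

# RFC 3986 §3.2.2:  host = IP-literal / IPv4address / reg-name
#   reg-name   = *( unreserved / pct-encoded / sub-delims )   (IPv4address is a subset)
#   IP-literal = "[" ( IPv6address / IPvFuture ) "]"
#   port       = *DIGIT
_UNRESERVED_SUBDELIMS = r"A-Za-z0-9\-._~!$&'()*+,;="
_REG_NAME = rf"(?:[{_UNRESERVED_SUBDELIMS}]|%[0-9A-Fa-f]{{2}})*"
_IPVFUTURE = rf"v[0-9A-Fa-f]+\.[{_UNRESERVED_SUBDELIMS}:]+"
_HOST_RE = re.compile(
    rf"(?P<host>\[(?:(?P<ipv6>[0-9A-Fa-f:.]+)|{_IPVFUTURE})\]|{_REG_NAME})"
    rf"(?::(?P<port>[0-9]*))?"
)


def parse_host_header(value: str) -> Optional[Tuple[str, Optional[int]]]:
    """Return (host, port) if `value` satisfies the Host grammar, else None.

    Any character outside the grammar (whitespace, '@', URL delimiters, ...) fails the
    match, so nothing that could alter other components of a rebuilt URL gets through.
    """
    m = _HOST_RE.fullmatch(value)
    if m is None:
        return None
    if m.group("ipv6") is not None:
        try:
            IPv6Address(m.group("ipv6"))  # the regex only checks the alphabet
        except AddressValueError:
            return None
    port = m.group("port")
    return m.group("host"), (int(port) if port else None)


def effective_authority(scope: dict) -> str:
    """Authority (host[:port]) to use when rebuilding request.url.

    The Host header is trusted only when it parses; a missing or malformed header
    falls back to the address the server is bound to, as the 1.0.1 fix describes.
    """
    raw: Optional[str] = None
    for name, value in scope.get("headers", []):
        if name.lower() == b"host":
            raw = value.decode("latin-1")
            break
    if raw is not None and parse_host_header(raw) is not None:
        return raw

    host, port = scope["server"]
    if ":" in host:  # bare IPv6 literal needs brackets inside a URL
        host = f"[{host}]"
    default_port = {"http": 80, "https": 443}.get(scope.get("scheme", "http"))
    return host if port in (None, default_port) else f"{host}:{port}"


def build_url(scope: dict) -> str:
    """Rebuild the request URL from the validated authority and the raw ASGI path."""
    url = f"{scope.get('scheme', 'http')}://{effective_authority(scope)}{scope['path']}"
    query = scope.get("query_string", b"")
    return url + ("?" + query.decode("latin-1") if query else "")


def is_protected_path(scope: dict, prefix: str = "/admin") -> bool:
    """Path-based restriction keyed off scope["path"], the value the router matches.

    A check written against request.url.path instead is the pattern the advisory
    says could be bypassed before 1.0.1.
    """
    path = scope["path"]
    return path == prefix or path.startswith(prefix + "/")


def make_scope(host_header: Optional[str], path: str = "/", scheme: str = "http",
               server: Tuple[str, int] = ("127.0.0.1", 8000)) -> dict:
    """Constructed ASGI scope for the demo; only the keys the functions above read."""
    headers = [] if host_header is None else [(b"host", host_header.encode("latin-1"))]
    return {"type": "http", "scheme": scheme, "server": server, "path": path,
            "query_string": b"", "headers": headers}


if __name__ == "__main__":
    for host in ("api.example.com", "[::1]:8000", "exa mple.com", None):
        scope = make_scope(host, path="/admin/users")
        print(f"Host={host!r:20} url={build_url(scope)}  protected={is_protected_path(scope)}")
```

The regular expression only checks the character set; the IPv6 literal is handed to `ipaddress.IPv6Address` for a real structural check, and the fallback re-adds brackets and drops the scheme's default port so the rebuilt URL stays canonical.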
Vulnerability Analysis
CVE-2026-48710 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE
Weakness Types
What is an HTTP Request Smuggling Vulnerability?
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
CVE-2026-48710 has been classified as an HTTP Request Smuggling vulnerability or weakness.
Improper Validation of Unsafe Equivalence in Input
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
Products Associated with CVE-2026-48710
Affected Versions
Kludex
starlette: Version < 1.0.1 is affected.
Red Hat
ai-inference-server-3
ansible_automation_platform-2
mta-8
exploit-intelligence
ols-1
openshift-ai
rhel-ai-3
openshift-hosted-osd4
rhn_satellite_6
rhel-cla-0
services-ansible-lightspeed-chatbot
services-ansible-nexus
services-inventory
services-management-platform
services-digital-roadmap
services-ansible-on-clouds
services-rhel-lightspeed
services-lightspeed-agent-google-cloud
services-vulnerability-engine
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.