High-severity Starlette vulnerability ‘BadHost’ could expose sensitive data

May 27, 2026

Cybersecurity Alert Critical System Vulnerability Detected

(Adobe Stock)

A high-severity vulnerability dubbed "BadHost" has been disclosed in the Starlette Python web framework, potentially allowing attackers to bypass security checks and exfiltrate sensitive data from millions of AI agents, as reported by Tech Radar.

The flaw, tracked as CVE-2026-48710, arises from the framework's handling of malformed Host headers. Attackers can exploit this by sending crafted headers that cause Starlette to construct incorrect URLs, leading security measures to inspect the wrong paths. While patched in version 1.0.1, researchers warn that vulnerable versions remain widely deployed.

Experts suggest the 7/10 severity score understates the true risk, with potential exposure of data from AI agents, biopharma, IoT, SaaS, and more. Immediate upgrades and environment scans are urged for affected organizations.

Source: Tech Radar

SC Staff

System hacked warning alert on laptop computer. Cyber attack on computer network, virus, spyware, malware or malicious software. Cyber security and cybercrime concept. System security technology (3)

Vulnerability Management

SimpleHelp vulnerability allows unauthenticated attackers to create privileged accounts

SC StaffJune 16, 2026

The flaw, affecting SimpleHelp versions 5.5.15 and older, and 6.0 pre-release versions, stems from improper validation of identity assertions from an OIDC identity provider.