1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Worrying open-source security issue 'BadHost' could affect millio

    From TechnologyDaily@1337:1/100 to All on Wed May 27 17:15:26 2026
    Worrying open-source security issue 'BadHost' could affect millions of AI agents, experts warn

    Date:
    Wed, 27 May 2026 16:05:00 +0000

    Description:
    The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Secwest discloses CVE202648710 (BadHost), a highseverity flaw in Starlette that lets attackers abuse malformed Host headers to bypass security checks and exfiltrate sensitive
    data Starlette underpins frameworks like FastAPI and is widely deployed; researchers warn the 7/10 score understates the risk, with AI agent, biopharma, IoT, and SaaS data potentially exposed The bug was patched in version 1.0.1, but vulnerable builds remain common in production, making immediate upgrades and environment scans critical A lightweight Python web framework called Starlette carried a high-severity vulnerability which could allow malicious actors to exfiltrate sensitive data from millions of AI
    agents , experts have warned.

    Some researchers are even suggesting current descriptions of the flaw dont do it justice as it is one of the bigger and potentially more disruptive flaws
    in recent times. Starlette is a Python web framework and tool built for creating fast web applications and APIs using the Asynchronous Server Gateway Interface (ASGI) standard. Being open source, it receives around 325 million downloads every week and is the foundation of many popular frameworks (for example, FastAPI). Latest Videos From You may like Weak safeguards leave thousands of AI agents open to attack Top open source AI platform Flowise hit by maximum-level security issue LangChain framework hit by several worrying security issues BadHost fixed with a patch The problem stems from the fact that Starlette has access to servers running the Model Context Protocol
    (MCP), a tool that allows AI agents to search the web or access third-party services. To be able to work properly, that tool needs to have the right permissions and needs to store the right passwords.

    Security researchers Secwest found a flaw that allowed attackers to send a fake or malformed Host header (a piece of information websites use to understand which address was requested). In some cases, Starlette would build the request URL using this fake data, causing security checks to look at the wrong path.

    The bug is dubbed BadHost, and is now tracked as CVE-2026-48710. It was given a severity score of 7/10 (high) and was fixed in Starlette version 1.0.1.

    For Secwest, giving BadHost a 7/10 materially understates the severity of the threat. It claims that at this very moment, biopharma AI data, identity verification data, IoT and industrial data, emails, SaaS data, and more, are all exposed. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
    or sponsors By submitting your information you agree to the Terms &
    Conditions and Privacy Policy and are aged 16 or over.

    While it did patch the flaw, Starlette did not comment on the findings. Ars Technica says vulnerable versions are still widely used in production
    systems, and that businesses should at least scan to see if they are among those at risk. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/worrying-open-source-security-issue-bad host-could-affect-millions-of-ai-agents-experts-warn


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)