Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints
ID: fd4f6a63-e0a4-54a2-b075-834d738ab9e1
STIX ID: report--fd4f6a63-e0a4-54a2-b075-834d738ab9e1
Feed Name: cybersecurityNews.com
**Executive Summary:** A critical Host-header handling vulnerability (CVE-2026-48710, “BadHost”) in Starlette < 1.0.1 can let attackers craft Host values that change how request.url is interpreted and bypass authentication middleware in FastAPI/ASGI-based AI services. This risks exposure of LLM endpoints, API keys, internal tools, and compute resources. Recommended mitigations include upgrading Starlette, validating Host headers via reverse proxies, and avoiding request.url.path for security logic.
