BadHost Exploit Exposes Sensitive AI Agent Server Endpoints
ID: 870d630a-d160-58c9-88e6-55cbedba7cd8
STIX ID: report--870d630a-d160-58c9-88e6-55cbedba7cd8
Feed Name: Cyber Press
A critical vulnerability named "BadHost" (CVE-2026-48710) in Starlette allows an attacker to inject path-altering characters into the Host header so that request.url.path diverges from the raw HTTP path. The result is a trivial authentication bypass and, in some setups, SSRF and remote code execution. The issue impacts FastAPI-based AI backends and popular inference servers, carries a CVSS 7.0 (High) rating, and was patched in Starlette 1.0.1 on May 21, 2026. Recommended mitigations are upgrading, using request.scope["path"] in middleware, and rejecting malformed Host headers at the proxy.
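The following is an added illustration of the two middleware-side mitigations named above (authorize on the raw ASGI path rather than on the URL-derived path, and reject malformed Host headers); it is not code from the advisory or from Starlette. It works on a plain ASGI `scope` dictionary with no Starlette dependency, and `url_derived_path` is a deliberately simplified, assumed model of how a URL string assembled from scheme, Host header and raw path gets re-parsed; the sample scopes are constructed.

```python
import re
from urllib.parse import urlsplit

# Strict Host grammar (assumption, defender's choice): a hostname or IPv4
# literal, or a bracketed IPv6 literal, each with an optional :port.
# Anything else (slashes, spaces, '?', '#', '@', ...) is rejected outright.
_HOST_RE = re.compile(
    r"^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)(?::\d{1,5})?$"
)


def host_header_is_wellformed(host: str) -> bool:
    """True only if the Host value matches the strict grammar above."""
    return _HOST_RE.fullmatch(host) is not None


def header(scope: dict, name: bytes):
    """Return the first header with the given (lowercase) name, or None."""
    for key, value in scope.get("headers", []):
        if key.lower() == name:
            return value.decode("latin-1")
    return None


def url_derived_path(scope: dict) -> str:
    """Simplified model (assumption): the path a framework ends up with when it
    builds 'scheme://<Host header><raw path>' and re-parses that string.
    A Host value containing path characters shifts the parsed path."""
    host = header(scope, b"host") or ""
    return urlsplit(f"{scope['scheme']}://{host}{scope['path']}").path


def authorize(scope: dict, protected_prefix: str = "/admin") -> tuple:
    """Authorization decision for a request. Returns (status, reason).

    The raw ASGI path (scope['path']) is the only input used for the
    access-control decision; the URL-derived path is checked solely to
    detect and refuse any divergence."""
    host = header(scope, b"host")
    if host is None or not host_header_is_wellformed(host):
        return (400, "malformed Host header")
    raw_path = scope["path"]
    if url_derived_path(scope) != raw_path:
        # Defence in depth: a well-formed Host should never cause divergence,
        # but refuse the request rather than trust either value if it does.
        return (400, "path mismatch")
    if raw_path.startswith(protected_prefix):
        return (403, "forbidden")
    return (200, "ok")


def make_scope(host: str, path: str) -> dict:
    """Build a minimal constructed ASGI HTTP scope for the examples below."""
    return {
        "type": "http",
        "scheme": "http",
        "path": path,
        "headers": [(b"host", host.encode("latin-1"))],
    }


if __name__ == "__main__":
    # Constructed requests: a benign one, a protected path, and a Host
    # value carrying path characters that a lax check would let through.
    for host, path in [
        ("api.example.com", "/health"),
        ("api.example.com", "/admin/keys"),
        ("api.example.com/tenant", "/admin/keys"),
    ]:
        print(host, path, "->", authorize(make_scope(host, path)))
```

Run as a script to see the three decisions; the third request is refused at the Host check before any path comparison happens, which is the proxy-side mitigation the advisory recommends applied at the application layer as well.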
