BadHost Vulnerability Exposes Sensitive AI Agent Server Endpoints to Attackers
ID: d92c7159-b2f6-5d39-a58f-79f6644772af
STIX ID: report--d92c7159-b2f6-5d39-a58f-79f6644772af
Feed Name: GBHackers
**Executive Summary:** BadHost (CVE-2026-48710) is a critical Host header handling vulnerability in the Starlette framework. It lets unauthenticated attackers manipulate `request.url` to bypass path-based access controls, exposing FastAPI-based AI services and inference servers (vLLM, LiteLLM, MCP servers, OpenAI-compatible APIs) to unauthorized access. Organizations are advised to upgrade to Starlette 1.0.1+, validate Host headers at the application and proxy layers, and adopt stronger, layered authentication.
