HeadlinesBriefing.com

BadHost Vulnerability Threatens Millions of AI Agents via Starlette Framework

Ars Technica

A critical security flaw in Starlette, an open source framework downloaded 325 million times weekly, puts millions of AI agents at risk of server breaches and credential theft. Security researchers warn that attackers can exploit CVE-2026-48710, branded BadHost, to bypass authorization and access sensitive third-party accounts.

The vulnerability stems from a single character injected into HTTP Host headers, which circumvents path-based authorization in Starlette's routing system. Since Starlette powers FastAPI and other Python frameworks, the exploit affects vLLM, LiteLLM, and countless MCP servers that manage credentials for email, calendar, and user databases.

X41 D-Sec discovered the flaw and rated it critical, though the official CVE scoring places it at 7 out of 10. The security firm teamed up with Nemesis to release an online scanner that lets administrators check their servers for exposure. BadHost affects all Starlette versions before 1.0.1, released Friday.

Organizations running AI tooling, model management interfaces, or eval dashboards should immediately patch their systems or implement firewall protections. The widespread dependency on Starlette across the Python AI ecosystem means this vulnerability could expose credentials for thousands of external services simultaneously.
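One defense-in-depth check an operator can put in front of a Starlette or FastAPI deployment while rolling out 1.0.1, written here as an added example and not code from the article, X41 D-Sec or the Starlette project: a strict Host-header allow-list as a plain ASGI middleware. It assumes the hostname `api.example.test` and the standard ASGI scope layout; since the article does not say which character BadHost injects, the check rejects any Host value outside a conservative hostname grammar rather than filtering one character, and it complements the patch rather than replacing it.

```python
import asyncio
import re
from typing import Iterable, Optional
# Hostname: ASCII letters, digits, '-' and '.', plus an optional numeric port. Anything
# else, including a single stray character, is rejected rather than normalized.
_HOST_RE = re.compile(
    r"([a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*)(?::(\d{1,5}))?",
    re.ASCII | re.IGNORECASE)

def parse_host(value: str) -> Optional[tuple[str, Optional[int]]]:
    """Return (lowercased host, port) for a well-formed Host value, else None."""
    m = _HOST_RE.fullmatch(value)  # fullmatch: no trailing newline or junk slips through
    if not m:
        return None
    return m.group(1).lower(), (int(m.group(2)) if m.group(2) else None)

def host_allowed(raw_headers: Iterable[tuple[bytes, bytes]], allowed: set[str]) -> bool:
    """True only if exactly one Host header is present, well-formed, and allow-listed."""
    values = [v for k, v in raw_headers if k.lower() == b"host"]
    if len(values) != 1:
        return False
    parsed = parse_host(values[0].decode("ascii")) if values[0].isascii() else None
    return parsed is not None and parsed[0] in allowed

class StrictHostMiddleware:  # plain ASGI, so it wraps a Starlette/FastAPI app unchanged
    def __init__(self, app, allowed_hosts: Iterable[str]):
        self.app = app
        self.allowed = {h.lower() for h in allowed_hosts}

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and not host_allowed(scope["headers"], self.allowed):
            await send({"type": "http.response.start", "status": 400,
                        "headers": [(b"content-type", b"text/plain")]})
            await send({"type": "http.response.body", "body": b"Bad Host header"})
            return  # routing never sees the request
        await self.app(scope, receive, send)

async def _ok_app(scope, receive, send):  # stand-in for the protected application
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def status_for(host_value: bytes, allowed: Iterable[str] = ("api.example.test",)) -> int:
    """Drive the middleware with a constructed request and return the resulting status."""
    sent = []
    async def send(msg):
        sent.append(msg)
    app = StrictHostMiddleware(_ok_app, allowed)
    scope = {"type": "http", "path": "/admin", "headers": [(b"host", host_value)]}
    asyncio.run(app(scope, None, send))
    return sent[0]["status"]
```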