Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 1.4%top 30%

CVE-2026-48710: CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Kludex starlette

0
Medium
VulnerabilityCVE-2026-48710cvecve-2026-48710cwe-444
Published: 05/26/2026 (05/26/2026, 21:54:54 UTC)
Source: CVE Database V5
Vendor/Project: Kludex
Product: starlette

Description

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.

CVSS v3.1

Score 6.5medium

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected software

starlette
pkg:pypi/starlette
Affected versions
<1.0.1

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/09/2026, 09:26:55 UTC

Technical Analysis

CVE-2026-48710 describes an inconsistent interpretation of HTTP requests in the Kludex Starlette ASGI framework prior to version 1.0.1. The vulnerability arises because the HTTP Host header was not validated before being used to reconstruct request.url. Since routing relies on the raw HTTP path but security checks may rely on request.url.path, a malformed Host header can cause these to differ, enabling bypass of security restrictions that depend on request.url. The issue is addressed in version 1.0.1 by validating the Host header against RFC 9112 §3.2 and RFC 3986 §3.2.2 grammar and falling back to scope["server"] for malformed values.

Potential Impact

This vulnerability allows attackers to craft HTTP requests with malformed Host headers that cause the reconstructed request.url.path to differ from the actual requested path. Middleware or endpoints that enforce security policies based on request.url rather than the raw HTTP path may be bypassed, potentially leading to unauthorized access or privilege escalation. The CVSS score is 6.5 (medium severity), indicating a moderate impact on confidentiality and integrity without affecting availability.

Mitigation Recommendations

Users should upgrade to Starlette version 1.0.1 or later, where the Host header is properly validated and malformed values fallback to a safe server scope. No other mitigation is indicated by the vendor advisory. Patch status is not explicitly stated in the vendor advisory, but upgrading to >=1.0.1 is the recommended fix.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-05-22T18:47:27.755Z
Cvss Version
3.1
State
PUBLISHED
Remediation Level
null
Vendor Advisory Urls
[{"url":"https://access.redhat.com/security/cve/CVE-2026-48710","vendor":"Red Hat"}]

Threat ID: 6a161c3ae29bf47b506f4910

Added to database: 05/26/2026, 22:18:34 UTC

Last enriched: 07/09/2026, 09:26:55 UTC

Last updated: 07/11/2026, 23:03:35 UTC

Views: 206

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses