Threats Tagged 'cve-2026-54282'
View all threats tagged with 'cve-2026-54282'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-54282'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-54282: CWE-706: Use of Incorrectly-Resolved Name or Reference in Kludex starletteCVE-2026-54282 0 Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating {scheme}://{host}{path} and re-parsing the result, a path that does not begin with / (for example @google.com) moves the authority boundary during re-parsing, so request.url.hostname and request.url.netloc become attacker-controlled. Code that reads request.url.hostname (rather than the Host header or scope) can therefore be misled into trusting an attacker-supplied host. This vulnerability is fixed in 1.3.0. Join the discussion | CVE Database V5 | 06/22/2026, 16:45:01 UTC Added: 06/22/2026, 17:39:40 UTC |
Showing 1 to 1 of 1 result