Is CVE-2026-48710 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-48710 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-48710 affect?

CVE-2026-48710 affects FastAPI.

Vulnerability intelligence

CVE-2026-48710

A malformed Host header bypasses authentication in Starlette — the ASGI framework underneath FastAPI and most of Python's AI agent infrastructure. Modern frameworks are not immune. The difference is how fast they patch.

FastAPI 2026

What WebPulse reported · 1 analysis

CVE-2026-48710 'BadHost': The Vulnerability That Hit FastAPI, vLLM, LiteLLM, and 325 Million Weekly Downloads.

A malformed Host header bypasses authentication in Starlette — the ASGI framework underneath FastAPI and most of Python's AI agent infrastructure. Modern framew

June 14, 2026

View CVE-2026-48710 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-42271 CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291