A newly disclosed critical vulnerability, tracked as CVE-2026-48710 and dubbed “BadHost,” is putting thousands of AI-powered applications at risk by enabling authentication bypass through manipulated HTTP headers. The flaw affects Starlette versions before 1.0.1, a core framework widely used in FastAPI-based applications powering modern AI infrastructure, including LLM inference servers, agent frameworks, and MCP gateways. […]
The post Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints appeared first on Cyber Security News.