Plan
active
CVE-2026-48710: Starlette Host-Header Auth Bypass, PoC Public
- Engineer — Plan: Starlette is widely used in Python ASGI applications; a host-header auth bypass with a public GitHub PoC is a real exposure for any service relying on host-based access control. EPSS is 0.01 and no KEV listing, so immediate emergency patching isn’t warranted, but you should upgrade Starlette to the patched version within your next patch window and audit any middleware that trusts the Host header for routing or authorization decisions.
- SOC/IR — Skip
- Leader — Skip
- Signals: CVE-2026-48710 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.