tag: Python · 1 items
- Engineer — Plan: Starlette is widely used in Python ASGI applications; a host-header auth bypass with a public GitHub PoC is a real exposure for any service relying on host-based access control. EPSS is 0.01 and no KEV listing, so immediate emergency patching isn’t warranted, but you should upgrade Starlette to the patched version within your next patch window and audit any middleware that trusts the Host header for routing or authorization decisions.
- SOC/IR — Skip
- Leader — Skip
- Signals: CVE-2026-48710 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub