{"id":341349,"date":"2026-05-27T08:06:54","date_gmt":"2026-05-27T02:36:54","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=341349"},"modified":"2026-05-27T08:06:54","modified_gmt":"2026-05-27T02:36:54","slug":"thousands-and-thousands-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/05\/27\/thousands-and-thousands-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package\/","title":{"rendered":"Thousands and thousands of AI agents imperiled by critical vulnerability in open source package"},"content":{"rendered":"<div>\n<p>Thousands and thousands of AI agents and tools around the globe have been imperiled by a critical vulnerability that may allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning.<\/p>\n<p>The vulnerability is present in Starlette, an open source framework that its developer says receives 325 million downloads per week. Hundreds of other open source projects are also vulnerable because they require Starlette to work. The framework is an implementation of ASGI (Asynchronous Server Gateway Interface), which allows large numbers of requests to be efficiently processed concurrently. Starlette is the foundation of FastAPI and other widely used frameworks for building services in Python apps, as well as many others.<\/p>\n<h2>Trivial to exploit, thousands and thousands of servers exposed<\/h2>\n<p>ASGI, and by extension Starlette, have access to servers running MCP (Model Context Protocol), which allows AI agents from major providers to access external sources, including user databases, email and calendar accounts, and all manner of other resources. 
To connect to these external systems, MCP servers store credentials for each one, making them especially valuable storehouses for attackers to breach.<\/p>\n<p>The vulnerability, tracked as CVE-2026-48710 and under the name BadHost, is trivial to exploit and works against most systems that aren\u2019t behind a properly configured firewall. Besides FastAPI, other widely used packages\u2014including vLLM and LiteLLM\u2014are also affected. BadHost affects Starlette versions prior to 1.0.1, which was released Friday.<\/p>\n<p>\u201cA single character injected into the HTTP Host header bypasses path-based authorization in Starlette, the routing core of FastAPI,\u201d researchers from Secwest wrote. \u201cThrough FastAPI, this primitive (now tracked as CVE-2026-48710 and branded BadHost by the discoverers) reaches a big segment of the Python AI tooling ecosystem: vLLM (where the bug was discovered), LiteLLM, Text Generation Inference, most OpenAI-shim proxies, MCP servers, agent harnesses, eval dashboards, and model-management UIs.\u201d<\/p>\n<p>BadHost carries a severity rating of seven out of 10. Secwest said the classification \u201cmaterially understates\u201d the threat it poses to people using other apps that rely upon Starlette. X41 D-Sec, the security firm that discovered it, described it as having \u201ccritical severity.\u201d X41 D-Sec partnered with fellow security firm Nemesis to create an <a href=\"https:\/\/mcp-scan.nemesis.services\">online scanner<\/a> that can check whether a given server is vulnerable.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Thousands and thousands of AI agents and tools around the globe have been imperiled by a critical vulnerability that may allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning. 
The vulnerability is present in Starlette, an open source framework that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":341350,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[2231,4744,52177,4947,1574,9129,4174,18240],"class_list":["post-341349","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-agents","tag-critical","tag-imperiled","tag-millions","tag-open","tag-package","tag-source","tag-vulnerability"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/341349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=341349"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/341349\/revisions"}],"predecessor-version":[{"id":341352,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/341349\/revisions\/341352"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/341350"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=341349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=341349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=341349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}