
High-severity Starlette vulnerability 'BadHost' could expose sensitive data

The high-severity "BadHost" vulnerability (CVE-2026-48710, CVSS 6.5) in the Starlette Python framework allows attackers to bypass security checks and exfiltrate sensitive data by sending crafted Host headers that cause the framework to construct incorrect URLs. The flaw is patched in Starlette version 1.0.1, and organizations are urged to upgrade immediately and scan their environments for vulnerable deployments.

By SC Staff, SC Media, May 27, 2026

A high-severity vulnerability dubbed "BadHost" has been disclosed in the Starlette Python web framework, potentially allowing attackers to bypass security checks and exfiltrate sensitive data from millions of AI agents, as reported by Tech Radar. The flaw, tracked as CVE-2026-48710, arises from the framework's handling of malformed Host headers. Attackers can exploit this by sending crafted headers that cause Starlette to construct incorrect URLs, leading security measures to inspect the wrong paths. While patched in version 1.0.1, researchers warn that vulnerable versions remain widely deployed. Experts suggest the 7/10 severity score understates the true risk, with potential exposure of data from AI agents, biopharma, IoT, SaaS, and more. Immediate upgrades and environment scans are urged for affected organizations.

Source: Tech Radar
