Introduction to the Vulnerability
A critical vulnerability has been discovered in the Starlette open source framework, which is used by millions of AI agents and tools worldwide. This vulnerability can allow hackers to breach servers and steal sensitive data and credentials. Starlette is an implementation of ASGI (Asynchronous Server Gateway Interface), which enables efficient processing of large numbers of simultaneous requests.
Impact on AI Agents
The vulnerability, tracked as CVE-2026-48710, is trivial to exploit and works against most systems that aren’t behind a properly configured firewall. It affects Starlette versions prior to 1.0.1 and allows path-based authorization to be bypassed. This means that millions of servers are exposed, including those running FastAPI, vLLM, and LiteLLM. The vulnerability has a severity rating of 7 out of 10, but security firms consider it to have critical severity.
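An added example, not from the article or the Starlette project: a Python check that classifies a pip-freeze style listing against the 1.0.1 fix stated above. The function names and the sample listing are constructed for illustration.

```python
import re

FIXED = (1, 0, 1, 1)  # 1.0.1 final: first fixed release per the article
NAMED = {"fastapi", "vllm", "litellm"}  # stacks the article names as exposed
_REQ = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(===?)?\s*([^\s;]*)")
_PRE = re.compile(r"[-_.]?(a|b|c|rc|alpha|beta|pre|dev)", re.I)

def normalize(name):
    """PEP 503 normalization so 'Starlette' and 'starlette' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_key(version):
    """'0.46.2' -> (0, 46, 2, 1); a pre-release such as '1.0.1rc1' ends in 0."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return None
    nums = ([int(p) for p in m.group(0).split(".")] + [0, 0])[:3]
    return (*nums, 0 if _PRE.match(version[m.end():]) else 1)

def audit(freeze_lines):
    """Classify a pip-freeze style listing against the fixed release."""
    status, named = "absent", set()
    for raw in freeze_lines:
        m = _REQ.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        name, pinned, version = normalize(m.group(1)), m.group(2), m.group(3)
        if name in NAMED:
            named.add(name)
        if name == "starlette":
            key = release_key(version) if pinned else None
            if key is None:
                status = "unpinned"  # range or URL install: resolve, then re-check
            else:
                status = "vulnerable" if key < FIXED else "fixed"
    return {"starlette": status, "named_stacks": sorted(named)}

# Constructed sample listing, not taken from any real deployment.
SAMPLE = [
    "# constructed requirements snapshot",
    "fastapi[standard]==0.115.0",
    "LiteLLM==1.50.0",
    "Starlette==0.46.2 ; python_version >= '3.9'",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the output of `pip freeze` from each environment; an "unpinned" result means the listing alone cannot say which Starlette release is installed.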
Source
Original reporting by Ars Technica.