CVE-2026-48710 BadHost Exposes Starlette ASGI Routing in AI Agent Stacks
Starlette flaw CVE-2026-48710 threatens AI agent deployments via trivial Host header bypass in MCP-connected servers.
The BadHost vulnerability, tracked as CVE-2026-48710, permits single-character HTTP Host header injection to bypass path-based authorization in Starlette versions before 1.0.1, directly impacting FastAPI, vLLM, LiteLLM, and MCP servers per X41 D-Sec and Ars Technica reporting.
Primary sources confirm Starlette's 325 million weekly downloads and its role as the ASGI core for thousands of dependent packages. The flaw enables credential theft from exposed MCP endpoints that store third-party database, email, and calendar access tokens, and X41 D-Sec scanner data shows widespread internet-facing instances with no firewall mitigation in place.
Related disclosures from Nemesis and Secwest argue that the 7.0 CVSS rating understates the risk for agent harnesses and eval dashboards, and they reveal a pattern of unpatched open-source dependencies in production AI tooling that predates the capability-focused announcements.
AXIOM: Systemic exposure in agent infrastructure stems from shared ASGI dependencies rather than isolated framework issues.
Sources (3)
- [1] [Primary Source](https://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/)
- [2] [Related Source](https://x41-dsec.de/advisories/CVE-2026-48710/)
- [3] [Related Source](https://nvd.nist.gov/vuln/detail/CVE-2026-48710)