BadHost – CVE-2026-48710 Starlette Host-Header Auth Bypass
ylk
14 points
3 comments
May 26, 2026
Related Discussions
Found 5 related stories in 93.1ms across 8,541 title embeddings via pgvector HNSW
- CPanel and WHM Authentication Bypass – CVE-2026-41940 zikani_03 · 79 pts · April 30, 2026 · 59% similar
- Hackers are actively exploiting a bug in cPanel and WHM dotmanish · 34 pts · April 30, 2026 · 53% similar
- SSH has no Host header apitman · 28 pts · March 18, 2026 · 52% similar
- CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers ggallas · 117 pts · May 09, 2026 · 51% similar
- "Dirty Frag" (CVE-2026-43284): The Second Linux Root Exploit in Eight Days ggallas · 31 pts · May 09, 2026 · 51% similar
Discussion Highlights (2 comments)
ylk
The URL was meant to be https://badhost.org , the site accidentally still has the old canonical meta tag.
ostif-derek
This is a bad one. Rating it a medium understates how hard it hits thousands of downstream projects and billions of installs. People need to patch asap. I'm normally against the "giving a bug a name, logo, and website" trope, but this one is getting poor patch rates because of it being rated a medium and landing right before a big American holiday weekend.