BadHost – CVE-2026-48710 Starlette Host-Header Auth Bypass
ylk
14 points
3 comments
May 26, 2026
Related Discussions
Found 5 related stories in 113.1ms across 10,500 title embeddings via pgvector HNSW
- Badhost and Starlette - most people are dumb kludex · 13 pts · May 29, 2026 · 71% similar
- CPanel and WHM Authentication Bypass – CVE-2026-41940 zikani_03 · 79 pts · April 30, 2026 · 59% similar
- Hackers are actively exploiting a bug in cPanel and WHM dotmanish · 34 pts · April 30, 2026 · 53% similar
- SSH has no Host header apitman · 28 pts · March 18, 2026 · 52% similar
- Notepad++ Zero-Click RCE via Path Traversal (CVE-2026-52884) ringzeropirate · 24 pts · June 10, 2026 · 51% similar
Discussion Highlights (2 comments)
ylk
The URL was meant to be https://badhost.org , the site accidentally still has the old canonical meta tag.
ostif-derek
This is a bad one. Rating it a medium understates how hard it hits thousands of downstream projects and billions of installs. People need to patch asap. I'm normally against the "giving a bug a name, logo, and website" trope, but this one is getting poor patch rates because of it being rated a medium and landing right before a big American holiday weekend.