Vulnerable Library - fastapi-0.128.8-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Vulnerabilities
| Vulnerability | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (fastapi version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-54283 | High | 7.5 | Not Defined | | starlette-0.49.3-py3-none-any.whl | Transitive | N/A* | ❌ | |
| CVE-2026-48818 | High | 7.5 | Not Defined | | starlette-0.49.3-py3-none-any.whl | Transitive | N/A* | ❌ | |
| CVE-2026-48710 | Medium | 6.5 | Not Defined | 0.906% | starlette-0.49.3-py3-none-any.whl | Transitive | N/A* | ❌ | |
| CVE-2026-48817 | Medium | 5.3 | Not Defined | | starlette-0.49.3-py3-none-any.whl | Transitive | N/A* | ❌ | |
| CVE-2026-45409 | Medium | 5.3 | Not Defined | 0.476% | idna-3.11-py3-none-any.whl | Transitive | N/A* | ❌ | |
| CVE-2026-54282 | Low | 3.7 | Not Defined | | starlette-0.49.3-py3-none-any.whl | Transitive | N/A* | ❌ | |
*For some transitive vulnerabilities, there is no version of the direct dependency with a fix. Check the "Details" section below to see if there is a version of the transitive dependency where the vulnerability is fixed.
**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.
Details
CVE-2026-54283
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
- fastapi-0.128.8-py3-none-any.whl (Root Library)
- ❌ starlette-0.49.3-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Summary
"request.form()" accepts "max_fields" and "max_part_size" to bound resource consumption while parsing form data. These limits are enforced for "multipart/form-data" but silently ignored for "application/x-www-form-urlencoded". An unauthenticated attacker can therefore send a urlencoded body with an arbitrarily large number of fields or an arbitrarily large field, even when the application configured limits it believed would apply.
Details
"request.form()" dispatches to a different parser depending on the "Content-Type". For "multipart/form-data" the "max_files", "max_fields", and "max_part_size" limits are forwarded to the parser, but for "application/x-www-form-urlencoded" the parser is constructed without them. It has no "max_fields" or "max_part_size" parameter to receive them, it appends every field with no count check, and it accumulates each field's name and value with no size check. The configured limits are therefore both unreachable and unenforced for url-encoded bodies.
Because the url-encoded parser does its work synchronously between stream reads, the two attack shapes have different effects:
- Field count drives CPU and event-loop blocking. A body of ~1,000,000 fields (a sub-10MB payload such as "f0=v&f1=v&...") blocks the worker's event loop for several seconds while parsing, during which the worker serves no other request.
- Field size drives memory. A single large field value (e.g. a 50MB value) is buffered in full to build the "FormData", forcing memory allocation proportional to the request body.
The equivalent "multipart/form-data" request is correctly rejected with "400 Too many fields" / "400 Field exceeded maximum size".
Impact
This denial-of-service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) that call "request.form()" on "application/x-www-form-urlencoded" requests. A single request with a very large number of fields blocks the event loop for several seconds, and a single request with a very large field forces unbounded memory allocation; in either case, parallel requests can render the service unusable. A reverse proxy that enforces a request body size limit reduces but does not eliminate the exposure, since a sub-10MB body is already enough to block the event loop.
Mitigation
Upgrade to a patched version, which forwards "max_fields" and "max_part_size" to the url-encoded parser and enforces them while parsing, raising before the oversized field or excess fields are accumulated. The defaults match "multipart/form-data" ("max_fields=1000", "max_part_size=1MB") and can be customized via "request.form(max_fields=..., max_part_size=...)".
Publish Date: 2026-06-15
URL: CVE-2026-54283
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-82w8-qh3p-5jfq
Release Date: 2026-06-15
Fix Resolution: starlette - 1.3.1
CVE-2026-48818
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
- fastapi-0.128.8-py3-none-any.whl (Root Library)
- ❌ starlette-0.49.3-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Summary
When serving static files on Windows, "StaticFiles" resolves the requested path with "os.path.realpath" (https://docs.python.org/3/library/os.path.html#os.path.realpath). If a UNC path (such as "\\attacker.com\share") reaches the resolver, "realpath" causes the process to open a connection to the remote host over SMB (port 445). This is a server-side request forgery (SSRF) that leaks the service account's NTLMv2 credentials to the attacker-controlled host, which can then be cracked offline or relayed to other hosts.
Details
"StaticFiles.lookup_path()" joins the requested path onto the served directory and calls "os.path.realpath" on the result before checking containment with "os.path.commonpath" (https://docs.python.org/3/library/os.path.html#os.path.commonpath). On Windows, a UNC path is absolute, so "os.path.join" (https://docs.python.org/3/library/os.path.html#os.path.join) discards the served directory and "realpath" resolves the bare UNC path, triggering the outbound SMB connection and NTLM authentication before the containment check rejects the path. The HTTP response is a benign 404, but the credential disclosure has already happened.
POSIX systems are not affected. This only affects the default configuration ("follow_symlink=False"), which uses "os.path.realpath". The "follow_symlink=True" branch uses "os.path.abspath" (https://docs.python.org/3/library/os.path.html#os.path.abspath), which performs no I/O.
Impact
Applications running on Windows that serve files with "StaticFiles" (directly, or via a framework built on Starlette such as FastAPI) in the default configuration are affected. "StaticFiles" is typically unauthenticated, so any client can trigger the SMB connection and leak the service account's NTLMv2 hash. A secondary impact is discovering internal hosts reachable over SMB by timing responses for valid versus invalid addresses.
Mitigation
Applications not running on Windows are not affected. On Windows, serving static files through a dedicated web server (such as nginx or IIS) instead of "StaticFiles" avoids the issue. Blocking outbound SMB (port 445) from the application host prevents the credential disclosure even if a UNC path is resolved.
Publish Date: 2026-06-15
URL: CVE-2026-48818
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-wqp7-x3pw-xc5r
Release Date: 2026-06-15
Fix Resolution: starlette - 1.1.0
CVE-2026-48710
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
- fastapi-0.128.8-py3-none-any.whl (Root Library)
- ❌ starlette-0.49.3-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP "Host" request header was not validated before being used to reconstruct "request.url". Because the routing algorithm relies on the raw HTTP path while "request.url" is rebuilt from the "Host" header, a malformed header could make "request.url.path" differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on "request.url" (rather than the raw "scope" path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the "Host" header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing "request.url" and falls back to "scope["server"]" for malformed values.
Publish Date: 2026-05-26
URL: CVE-2026-48710
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.906%
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-86qp-5c8j-p5mr
Release Date: 2026-05-26
Fix Resolution: starlette - 1.0.1, https://github.com/Kludex/starlette.git - 1.0.1
CVE-2026-48817
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
- fastapi-0.128.8-py3-none-any.whl (Root Library)
- ❌ starlette-0.49.3-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Summary
When dispatching a request, "HTTPEndpoint" selects the handler by lowercasing the HTTP method and looking it up as an attribute with "getattr", without restricting the lookup to a known set of HTTP verbs. When an "HTTPEndpoint" subclass is registered through "Route(...)" without an explicit "methods=" argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler.
Details
"HTTPEndpoint" uses the client-supplied method name to resolve an instance attribute, without validating it against the set of HTTP verbs the endpoint supports. A method such as "_DO_DELETE" therefore resolves an attribute like "_do_delete" and invokes it. Non-standard methods are valid "RFC 9110" (https://www.rfc-editor.org/rfc/rfc9110#name-method) token methods, so an endpoint must not treat the method name as a trusted attribute selector.
Impact
An application is affected when all of the following hold:
* It defines an "HTTPEndpoint" subclass and registers it via "Route(...)" without an explicit "methods=" argument.
* The subclass defines additional methods whose names match a non-standard HTTP-method token shape and that accept a single "request" argument and return a response.
This also affects frameworks built on Starlette, like FastAPI.
Mitigation
Register "HTTPEndpoint" subclasses with an explicit "methods=" argument on the "Route", listing only the HTTP verbs the endpoint supports. The route then rejects any other method with "405 Method Not Allowed" before it reaches the endpoint, so non-standard methods cannot resolve an attribute.
Publish Date: 2026-06-15
URL: CVE-2026-48817
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-x746-7m8f-x49c
Release Date: 2026-06-15
Fix Resolution: starlette - 1.1.0
CVE-2026-45409
Vulnerable Library - idna-3.11-py3-none-any.whl
Internationalized Domain Names in Applications (IDNA)
Library home page: https://files.pythonhosted.org/packages/0e/61/66938bbb5fc52dbdf84594873d5b51fb1f7c7794e9c0f5bd885f30bc507b/idna-3.11-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/idna-3.11.dist-info
Dependency Hierarchy:
- fastapi-0.128.8-py3-none-any.whl (Root Library)
- starlette-0.49.3-py3-none-any.whl
- anyio-4.12.1-py3-none-any.whl
- ❌ idna-3.11-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as ""\u0660" * N" or ""\u30fb" * N + "\u6f22"" utilize the "valid_contexto" function prior to length rejection, and for high values of "N" will take a long time to process. This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. A specially crafted argument to the "idna.encode()" function could consume significant resources. This may lead to a denial-of-service. Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support). A workaround is available. Domain names cannot exceed 253 characters in length. If this length limit is enforced prior to passing the domain to the "idna.encode()" function, it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.
Publish Date: 2026-06-05
URL: CVE-2026-45409
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.476%
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-65pc-fj4g-8rjx
Release Date: 2026-05-19
Fix Resolution: idna - 3.15
CVE-2026-54282
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
- fastapi-0.128.8-py3-none-any.whl (Root Library)
- ❌ starlette-0.49.3-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Summary
In affected versions, the HTTP request path is not validated before being used to reconstruct "request.url". Because "request.url" is rebuilt by concatenating "{scheme}://{host}{path}" and re-parsing the result, a path that does not begin with "/" (for example "@google.com") moves the authority boundary during re-parsing, so "request.url.hostname" and "request.url.netloc" become attacker-controlled. Code that reads "request.url.hostname" (rather than the "Host" header or "scope") can therefore be misled into trusting an attacker-supplied host.
Details
When a client requests a path that does not start with "/":

    GET @google.com HTTP/1.1
    Host: localhost

affected versions reconstruct the URL as "http://localhost@google.com". Per "RFC 3986 §3.2.1" (https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.1), the substring before "@" in the authority is "userinfo", so re-parsing yields username = "localhost" and hostname = "google.com", with an empty path:

    request.url == "http://localhost@google.com"
    request.url.hostname == "google.com"
    request.url.path == ""

The root cause is that the path is concatenated directly after the host without a separating "/", and without validating that it begins with one. Only the "Host" header was validated when constructing "request.url"; the path was not. This requires an ASGI server that forwards a request-target lacking a leading "/" into "scope["path"]".
Impact
Any application running an affected version that uses "request.url", "request.url.netloc", or "request.url.hostname" for a security-sensitive decision (host-based authorization, redirect/callback base, SSRF target, cache key, audit log) may be affected, when no fronting proxy or load balancer rejects the malformed request-target first. Note that this is less exploitable than "GHSA-86qp-5c8j-p5mr": there, the poison is carried in the "Host" header, so the real path still routes to a valid endpoint while "request.url.path" lies. Here, the poison must be carried in the path itself, and that path ("@google.com") does not match any registered route, so routing returns "404" and no endpoint handler runs. The exposure is limited to code that reads "request.url" before routing, notably middleware, or in 404/exception handlers.
Mitigation
Upgrade to a patched version, which prevents the request path from crossing into the URL authority. The request above instead yields "http://localhost/@google.com" with "request.url.hostname == "localhost"".
Publish Date: 2026-06-15
URL: CVE-2026-54282
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-jp82-jpqv-5vv3
Release Date: 2026-06-15
Fix Resolution: starlette - 1.3.0
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Summary "request.form()" accepts "max_fields" and "max_part_size" to bound resource consumption while parsing form data. These limits are enforced for "multipart/form-data", but silently ignored for "application/x-www-form-urlencoded". An unauthenticated attacker can therefore send a urlencoded body with an arbitrarily large number of fields or an arbitrarily large field, even when the application configured limits it believed would apply. Details "request.form()" dispatches to a different parser depending on the "Content-Type". For "multipart/form-data" the "max_files", "max_fields", and "max_part_size" limits are forwarded to the parser, but for "application/x-www-form-urlencoded" the parser is constructed without them. It has no "max_fields" or "max_part_size" parameter to receive them, and it appends every field with no count check and accumulates each field's name and value with no size check. The configured limits are therefore both unreachable and unenforced for url-encoded bodies. Because the url-encoded parser does its work synchronously between stream reads, the two attack shapes have different effects: - Field count drives CPU and event-loop blocking. A body of ~1,000,000 fields (a sub-10MB payload such as "f0=v&f1=v&...") blocks the worker's event loop for several seconds while parsing, during which the worker serves no other request. - Field size drives memory. A single large field value (e.g. a 50MB value) is buffered in full to build the "FormData", forcing memory allocation proportional to the request body. The equivalent "multipart/form-data" request is correctly rejected with "400 Too many fields" / "400 Field exceeded maximum size". Impact This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) that call "request.form()" on "application/x-www-form-urlencoded" requests. 
A single request with a very large number of fields blocks the event loop for several seconds, and a single request with a very large field forces unbounded memory allocation; in either case, parallel requests can render the service unusable. A reverse proxy that enforces a request body size limit reduces but does not eliminate the exposure, since a sub-10MB body is already enough to block the event loop. Mitigation Upgrade to a patched version, which forwards "max_fields" and "max_part_size" to the url-encoded parser and enforces them while parsing, raising before the oversized field or excess fields are accumulated. The defaults match "multipart/form-data" ("max_fields=1000", "max_part_size=1MB") and can be customized via "request.form(max_fields=..., max_part_size=...)".
Publish Date: 2026-06-15
URL: CVE-2026-54283
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-82w8-qh3p-5jfq
Release Date: 2026-06-15
Fix Resolution: starlette - 1.3.1
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Summary When serving static files on Windows, "StaticFiles" resolves the requested path with ""os.path.realpath"" (https://docs.python.org/3/library/os.path.html#os.path.realpath). If a UNC path (such as "\attacker.com\share") reaches the resolver, "realpath" causes the process to open a connection to the remote host over SMB (port 445). This is a server-side request forgery (SSRF) that leaks the service account's NTLMv2 credentials to the attacker-controlled host, which can then be cracked offline or relayed to other hosts. Details "StaticFiles.lookup_path()" joins the requested path onto the served directory and calls ""os.path.realpath"" (https://docs.python.org/3/library/os.path.html#os.path.realpath) on the result before checking containment with ""os.path.commonpath"" (https://docs.python.org/3/library/os.path.html#os.path.commonpath). On Windows, a UNC path is absolute, so ""os.path.join"" (https://docs.python.org/3/library/os.path.html#os.path.join) discards the served directory and "realpath" resolves the bare UNC path, triggering the outbound SMB connection and NTLM authentication before the containment check rejects the path. The HTTP response is a benign 404, but the credential disclosure has already happened. POSIX systems are not affected. This only affects the default configuration ("follow_symlink=False"), which uses ""os.path.realpath"" (https://docs.python.org/3/library/os.path.html#os.path.realpath). The "follow_symlink=True" branch uses ""os.path.abspath"" (https://docs.python.org/3/library/os.path.html#os.path.abspath), which performs no I/O. Impact Applications running on Windows that serve files with "StaticFiles" (directly, or via a framework built on Starlette such as FastAPI) in the default configuration are affected. "StaticFiles" is typically unauthenticated, so any client can trigger the SMB connection and leak the service account's NTLMv2 hash. 
A secondary impact is discovering internal hosts reachable over SMB by timing responses for valid versus invalid addresses. Mitigation Applications not running on Windows are not affected. On Windows, serving static files through a dedicated web server (such as nginx or IIS) instead of "StaticFiles" avoids the issue. Blocking outbound SMB (port 445) from the application host prevents the credential disclosure even if a UNC path is resolved.
Publish Date: 2026-06-15
URL: CVE-2026-48818
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-wqp7-x3pw-xc5r
Release Date: 2026-06-15
Fix Resolution: starlette - 1.1.0
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP "Host" request header was not validated before being used to reconstruct "request.url". Because the routing algorithm relies on the raw HTTP path while "request.url" is rebuilt from the "Host" header, a malformed header could make "request.url.path" differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on "request.url" (rather than the raw "scope" path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the "Host" header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing "request.url" and falls back to "scope["server"]" for malformed values.
Publish Date: 2026-05-26
URL: CVE-2026-48710
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.906%
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-86qp-5c8j-p5mr
Release Date: 2026-05-26
Fix Resolution: starlette - 1.0.1,starlette - 1.0.1,https://github.com/Kludex/starlette.git - 1.0.1
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Summary When dispatching a request, "HTTPEndpoint" selects the handler by lowercasing the HTTP method and looking it up as an attribute with "getattr", without restricting the lookup to a known set of HTTP verbs. When an "HTTPEndpoint" subclass is registered through "Route(...)" without an explicit "methods=" argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler. Details "HTTPEndpoint" uses the client-supplied method name to resolve an instance attribute, without validating it against the set of HTTP verbs the endpoint supports. A method such as "_DO_DELETE" therefore resolves an attribute like "_do_delete" and invokes it. Non-standard methods are valid "RFC 9110" (https://www.rfc-editor.org/rfc/rfc9110#name-method) token methods, so an endpoint must not treat the method name as a trusted attribute selector. Impact An application is affected when all of the following hold: * It defines an "HTTPEndpoint" subclass and registers it via "Route(...)" without an explicit "methods=" argument. * The subclass defines additional methods whose names match a non-standard HTTP-method token shape and that accept a single "request" argument and return a response. This also affects frameworks built on Starlette, like FastAPI. Mitigation Register "HTTPEndpoint" subclasses with an explicit "methods=" argument on the "Route", listing only the HTTP verbs the endpoint supports. The route then rejects any other method with "405 Method Not Allowed" before it reaches the endpoint, so non-standard methods cannot resolve an attribute.
Publish Date: 2026-06-15
URL: CVE-2026-48817
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-x746-7m8f-x49c
Release Date: 2026-06-15
Fix Resolution: starlette - 1.1.0
Vulnerable Library - idna-3.11-py3-none-any.whl
Internationalized Domain Names in Applications (IDNA)
Library home page: https://files.pythonhosted.org/packages/0e/61/66938bbb5fc52dbdf84594873d5b51fb1f7c7794e9c0f5bd885f30bc507b/idna-3.11-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/idna-3.11.dist-info
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" * N or "\u30fb" * N + "\u6f22" reach the "valid_contexto" function prior to length rejection, and for high values of N will take a long time to process. This is the same issue as CVE-2024-3651; however, the original remediation in 2024 was not a complete fix. A specially crafted argument to the "idna.encode()" function could consume significant resources. This may lead to a denial of service. Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser-used alternate functions (i.e. per-label conversions and codec support). A workaround is available: domain names cannot exceed 253 characters in length, and if this length limit is enforced prior to passing the domain to the "idna.encode()" function, it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.
Publish Date: 2026-06-05
URL: CVE-2026-45409
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.476%
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-65pc-fj4g-8rjx
Release Date: 2026-05-19
Fix Resolution: idna - 3.15
Vulnerable Library - starlette-0.49.3-py3-none-any.whl
The little ASGI library that shines.
Library home page: https://files.pythonhosted.org/packages/a3/e0/021c772d6a662f43b63044ab481dc6ac7592447605b5b35a957785363122/starlette-0.49.3-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260203151958_QLDRQL/python_VXNOQS/202602031519591/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info,/tmp/ws-ua_20260414115749_FASALT/python_KPPKZR/202604141157501/env/lib/python3.9/site-packages/starlette-0.49.3.dist-info
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Summary
In affected versions, the HTTP request path is not validated before being used to reconstruct "request.url". Because "request.url" is rebuilt by concatenating "{scheme}://{host}{path}" and re-parsing the result, a path that does not begin with "/" (for example "@google.com") moves the authority boundary during re-parsing, so "request.url.hostname" and "request.url.netloc" become attacker-controlled. Code that reads "request.url.hostname" (rather than the "Host" header or "scope") can therefore be misled into trusting an attacker-supplied host.
Details
When a client requests a path that does not start with "/":
    GET @google.com HTTP/1.1
    Host: localhost
affected versions reconstruct the URL as "http://localhost@google.com". Per RFC 3986 §3.2.1 (https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.1), the substring before "@" in the authority is "userinfo", so re-parsing yields username "localhost" and hostname "google.com", with an empty path:
    request.url == "http://localhost@google.com"
    request.url.hostname == "google.com"
    request.url.path == ""
The root cause is that the path is concatenated directly after the host without a separating "/", and without validating that it begins with one. Only the "Host" header was validated when constructing "request.url"; the path was not. This requires an ASGI server that forwards a request-target lacking a leading "/" into "scope["path"]".
Impact
Any application running an affected version that uses "request.url", "request.url.netloc", or "request.url.hostname" for a security-sensitive decision (host-based authorization, redirect/callback base, SSRF target, cache key, audit log) may be affected, when no fronting proxy or load balancer rejects the malformed request-target first. Note that this is less exploitable than GHSA-86qp-5c8j-p5mr: there, the poison is carried in the "Host" header, so the real path still routes to a valid endpoint while "request.url.path" lies. Here, the poison must be carried in the path itself, and that path ("@google.com") does not match any registered route, so routing returns "404" and no endpoint handler runs. The exposure is limited to code that reads "request.url" before routing - notably middleware - or in 404/exception handlers.
Mitigation
Upgrade to a patched version, which prevents the request path from crossing into the URL authority. The request above instead yields "http://localhost/@google.com" with request.url.hostname == "localhost".
Publish Date: 2026-06-15
URL: CVE-2026-54282
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-jp82-jpqv-5vv3
Release Date: 2026-06-15
Fix Resolution: starlette - 1.3.0