AI agents imperiled by critical vulnerability in open source package
A critical vulnerability known as BadHost has been discovered in the open-source package Starlette, affecting millions of AI agents worldwide. This flaw allows hackers to breach servers and access sensitive data, making it a significant security threat. The vulnerability is easy to exploit and impacts various widely used frameworks and applications built on Starlette.
- The vulnerability, tracked as CVE-2026-48710, affects Starlette versions prior to 1.0.1.
- Starlette is a widely used framework with 325 million downloads per week, and many other projects depend on it.
- Exploiting this vulnerability can lead to unauthorized access to sensitive user data and credentials.
Opening excerpt (first ~120 words):
WHEN AGENTS TURN BAD

Millions of AI agents imperiled by critical vulnerability in open source package

“BadHost” was found in Starlette, a package with 325 million weekly downloads.

Dan Goodin – May 26, 2026 3:50 pm

Credit: Aurich Lawson

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Ars Technica.