What happened
Starlette's host validation could be bypassed with a crafted Host header. The auth layer derives the effective route from request.url.path, a value reconstructed from the Host header, while FastAPI dispatches the request based on a different evaluation. Because the two can disagree, an attacker can reach routes that should be protected, particularly when this is chained with CVE-2026-42271.
Why it matters
This affects millions of AI agents and LLM inference endpoints. Bypassing auth on a model server or AI gateway gives an attacker direct access to model APIs, inference hardware, and credential storage, enabling model poisoning, prompt injection at scale, and supply-chain-style attacks on AI deployments.
Attack vector
An attacker crafts an HTTP Host header that causes the auth layer to evaluate a different route than the one FastAPI actually dispatches. This allows bypassing authentication checks and reaching protected management endpoints on AI gateways and model servers.
Affected systems
Starlette 0.8.3 through 1.0.0; FastAPI applications using default auth; vLLM proxy instances; all ASGI-based AI frameworks
Mitigation
Upgrade Starlette to 1.0.1 or later. Audit Host header parsing and restrict allowed hosts in FastAPI/Starlette configuration.
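As an added example (not Starlette's or FastAPI's own code), a stdlib-only ASGI stack showing both mitigation steps above: a Host-header allowlist in front of the app, and an auth check keyed on scope["path"], the same value the router dispatches on, so auth and dispatch cannot disagree. The hostnames, paths and bearer token are constructed for the example; in a real Starlette app the allowlist role is played by its TrustedHostMiddleware.

```python
import asyncio
TOKEN = b"Bearer demo-token"                       # constructed credential, example only
ALLOWED_HOSTS = ["api.example.com", "localhost"]   # assumed deployment hostnames

async def respond(send, status, body):
    await send({"type": "http.response.start", "status": status, "headers": []})
    await send({"type": "http.response.body", "body": body})

def host_from_header(value):
    # Hostname only, port dropped; IPv6 literals such as "[::1]:8000" keep their brackets.
    value = value.strip().lower()
    if value.startswith("["):
        return value[: value.index("]") + 1]
    return value.split(":", 1)[0]

class HostAllowlist:
    # Constructed ASGI middleware: refuse any request whose Host header is not an expected name.
    def __init__(self, app, allowed_hosts):
        self.app, self.allowed = app, {h.lower() for h in allowed_hosts}
    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            headers = {k.lower(): v for k, v in scope["headers"]}
            host = host_from_header(headers.get(b"host", b"").decode("latin-1"))
            if host not in self.allowed:
                return await respond(send, 400, b"invalid host header")
        await self.app(scope, receive, send)

async def protected_app(scope, receive, send):
    # Authorize on scope["path"] (what the router dispatches on), never on a URL rebuilt from Host.
    headers = {k.lower(): v for k, v in scope["headers"]}
    if scope["path"].startswith("/admin/") and headers.get(b"authorization") != TOKEN:
        return await respond(send, 401, b"unauthorized")
    await respond(send, 200, b"ok " + scope["path"].encode())

app = HostAllowlist(protected_app, ALLOWED_HOSTS)

def request(host, path, authorization=None):
    # Drive the stack in-process with a hand-built ASGI scope; returns (status, body).
    headers = [(b"host", host.encode())]
    if authorization:
        headers.append((b"authorization", authorization.encode()))
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    out = {"status": None, "body": b""}
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(msg):
        out["status"] = msg.get("status", out["status"])
        out["body"] += msg.get("body", b"")
    asyncio.run(app(scope, receive, send))
    return out["status"], out["body"]
```

A request with an unexpected Host never reaches the auth layer at all, and a request with the right Host still needs the token for anything under /admin/.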