CSOonline

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure. A single malformed character in a web request can ...
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
GIGAZINE

A vulnerability in the open-source package 'Starlette,' which is downloaded more than 300 million times a week, has put millions of AI agents at risk.

Security researcher Markus Vervier warns that Starlette, an open-source framework used by millions of AI agents and tools worldwide, has a critical vulnerability. Millions of AI agents imperiled by ...
TechRadar

Worrying open-source security issue 'BadHost' could affect millions of AI agents, experts warn

Secwest discloses CVE‑2026‑48710 (“BadHost”), a high‑severity flaw in Starlette that lets attackers abuse malformed Host headers to bypass security checks and exfiltrate sensitive data Starlette ...
note

I created a mirror of the e-Gov Law Search API and added MCP server functionality

Recently, both at work and in my personal life, it has become standard to delegate various tasks to AI agents, starting with Claude Code. The next thing I wanted to do was have the AI properly ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...