FIX: Bump starlette to >=1.0.1 to address CVE-2026-48710 (BadHost) #1818
Merged
romanlutz merged 1 commit on May 27, 2026
Starlette versions prior to 1.0.1 are vulnerable to CVE-2026-48710 (`BadHost`): a single-character injection in the HTTP Host header bypasses path-based authorization. The vulnerability affects FastAPI and much of the Python AI tooling ecosystem. PyRIT pulled in starlette 0.50.0 transitively through fastapi 0.128.0, which pinned `starlette<0.51.0`. To pick up the patched starlette:

- Add `starlette>=1.0.1` as a direct dependency (the backend middleware already imports starlette directly, so declaring it is also correct from a packaging standpoint).
- Bump `fastapi>=0.133.0` (the first release that drops the `starlette<1.0.0` upper bound) so the resolver can pick a patched starlette.

uv lock now resolves to starlette 1.1.0 and fastapi 0.136.3. All 567 backend unit tests pass with the new versions.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
hannahwestra25 approved these changes May 27, 2026
Description
Starlette versions prior to 1.0.1 are vulnerable to CVE-2026-48710 (BadHost), where a single character injected into the HTTP `Host` header bypasses path-based authorization in Starlette (and therefore FastAPI). The X41 D-Sec advisory rates this as critical for tooling that exposes MCP servers and AI agent endpoints, which includes PyRIT's backend.

PyRIT was pulling in `starlette==0.50.0` transitively through `fastapi==0.128.0`, which pinned `starlette<0.51.0` and could not be upgraded to the patched line without also bumping FastAPI.

This PR:

- Adds `starlette>=1.0.1` as a direct dependency. The backend middleware (`pyrit/backend/middleware/auth.py`, `request_id.py`, `security_headers.py`) already imports starlette directly, so declaring it explicitly is also correct from a packaging standpoint and prevents accidental regressions to a vulnerable version.
- Bumps `fastapi>=0.115.0` to `fastapi>=0.133.0`, the first FastAPI release that drops the `starlette<1.0.0` upper bound, so the resolver is free to pick the patched starlette.
- Updates `uv.lock`, which now resolves to `starlette==1.1.0` and `fastapi==0.136.3`.

Reviewed the Starlette 1.0 release notes for breaking changes (removal of `on_startup`, `on_event`, `add_event_handler`, `@app.route`, `@app.websocket_route`, `@app.exception_handler`, `@app.middleware`, and the old `Jinja2Templates` signature). None of those APIs are used in PyRIT; the backend only depends on `BaseHTTPMiddleware`, `Request`, `Response`, `JSONResponse`, and the `ASGIApp` type, which are unchanged.

Tests and Documentation

No code or doc changes are needed beyond the dependency bump. The full backend unit test suite (`tests/unit/backend/`, 567 tests) passes against the upgraded `starlette==1.1.0` / `fastapi==0.136.3`. JupyText was not run because no notebooks or example code were touched.

One unrelated `DeprecationWarning` appears now (`HTTP_422_UNPROCESSABLE_ENTITY` -> `HTTP_422_UNPROCESSABLE_CONTENT`) from Starlette 1.0's constant rename; this is just a warning, not a failure, and is out of scope for this security fix.
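The description above makes two claims a reviewer would normally want machine-checked rather than eyeballed: that the lock file really resolves a patched Starlette (>=1.0.1), and that the code base uses none of the APIs the Starlette 1.0 release notes list as removed. The script below is an added example written for this page, not PyRIT's code or anything from the PR. It assumes the `[[package]]` / `name` / `version` layout of `uv.lock`; the lock excerpt and the two middleware snippets are constructed sample inputs, the list of removed attribute names is taken from the PR description (so its completeness depends on those release notes), and the `Jinja2Templates` signature change is not covered because the page gives no detail on it.

```python
"""Regression guard for a Starlette security bump (example code, not PyRIT's).

Check 1: the version of starlette pinned in a uv.lock excerpt is >= 1.0.1.
Check 2: a source file uses none of the APIs the PR description lists as
         removed in Starlette 1.0 (on_startup, on_event, add_event_handler,
         @app.route, @app.websocket_route, @app.exception_handler,
         @app.middleware).
"""
import ast
import re

PATCHED_STARLETTE = (1, 0, 1)

# Attribute names removed in Starlette 1.0, per the PR description. Any
# attribute access with one of these names is reported for manual review;
# the scan deliberately errs towards false positives rather than misses.
REMOVED_ATTRS = {
    "on_startup", "on_event", "add_event_handler",
    "route", "websocket_route", "exception_handler", "middleware",
}

# Constructed uv.lock excerpt mirroring the versions the PR reports.
LOCK_EXCERPT = '''\
[[package]]
name = "fastapi"
version = "0.136.3"
source = { registry = "https://pypi.org/simple" }

[[package]]
name = "starlette"
version = "1.1.0"
source = { registry = "https://pypi.org/simple" }
'''

# Constructed middleware using only APIs the PR says survived 1.0 unchanged.
CLEAN_SOURCE = '''\
from starlette.middleware.base import BaseHTTPMiddleware
from starlette.requests import Request

class SecurityHeadersMiddleware(BaseHTTPMiddleware):
    async def dispatch(self, request: Request, call_next):
        response = await call_next(request)
        response.headers["X-Content-Type-Options"] = "nosniff"
        return response
'''

# Constructed app exercising three of the removed APIs.
LEGACY_SOURCE = '''\
from starlette.applications import Starlette

app = Starlette(on_startup=[lambda: None])

@app.route("/health")
async def health(request):
    return JSONResponse({"ok": True})

@app.middleware("http")
async def add_header(request, call_next):
    return await call_next(request)
'''


def parse_version(text):
    """'1.1.0' -> (1, 1, 0). Pre-release suffixes (rc1, .dev0) are dropped, so
    a pre-release compares equal to its final release; tighten if that matters."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def locked_version(lock_text, package):
    """Version pinned for *package* in a uv.lock TOML text, or None if absent.
    Anchoring on the [[package]] header avoids matching dependency references."""
    pattern = re.compile(
        r'\[\[package\]\]\s*\nname = "%s"\s*\nversion = "([^"]+)"' % re.escape(package)
    )
    m = pattern.search(lock_text)
    return m.group(1) if m else None


def is_patched(version_text):
    return parse_version(version_text) >= PATCHED_STARLETTE


def find_removed_api_uses(source, filename="<source>"):
    """Return sorted (lineno, description) pairs for each removed-API use."""
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        # Covers app.on_event(...), app.add_event_handler(...) and decorators
        # such as @app.route(...): ast.walk descends into decorator lists.
        if isinstance(node, ast.Attribute) and node.attr in REMOVED_ATTRS:
            hits.append((node.lineno, f"attribute .{node.attr}"))
        # Covers the constructor form Starlette(on_startup=[...]).
        elif isinstance(node, ast.keyword) and node.arg == "on_startup":
            hits.append((node.value.lineno, "keyword on_startup="))
    return sorted(hits)


if __name__ == "__main__":
    ver = locked_version(LOCK_EXCERPT, "starlette")
    print(f"starlette {ver}: {'patched' if ver and is_patched(ver) else 'VULNERABLE'}")
    for label, src in (("clean", CLEAN_SOURCE), ("legacy", LEGACY_SOURCE)):
        for lineno, what in find_removed_api_uses(src, label):
            print(f"{label}:{lineno}: removed Starlette 1.0 API, {what}")
```

Run against a real tree, `locked_version` would read the repository's `uv.lock` and `find_removed_api_uses` would iterate over `pyrit/backend/**/*.py`; both are pure functions, so they drop straight into a unit test that fails if a future dependency change reintroduces a `starlette<1.0.1` resolution.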