Critical 'BadHost' Flaw in Python Framework Threatens Millions of AI Agents

A vulnerability in Starlette, the framework powering FastAPI, lets hackers bypass authorization on millions of AI tools worldwide.

A nasty security flaw called BadHost has been found lurking in Starlette, the open-source Python framework that serves as the backbone for FastAPI. The vulnerability lets attackers bypass authorization entirely — which is about as bad as it sounds.

The blast radius here is enormous. Millions of AI agents and tools worldwide rely on FastAPI, which means they're sitting on top of vulnerable infrastructure. We're talking about a critical-severity issue that could let hackers breach systems that were supposed to be locked down.

Starlette is deeply embedded in the modern AI development stack. FastAPI has become one of the most popular frameworks for building AI-powered APIs and services. Any tool or agent built on this stack that hasn't been patched is now a potential target.

If you're running anything on FastAPI, stop reading and go patch. Seriously.