Severity: High · CVSS: Pending · May 26, 2026 · X41 D-Sec / OSTIF / Persistent Security

BadHost: Starlette Host-Header Auth Bypass

How a host-header parsing flaw reaches AI agent infrastructure

Starlette before 1.0.1 reconstructed request.url from the untrusted Host header without validating it, so request.url.path could diverge from the actual HTTP request path. Middleware that based its authorization decision on the reconstructed value could be bypassed by sending a crafted Host header, granting unauthenticated access to protected endpoints in FastAPI applications, MCP servers, LLM proxies, and AI agent backends. Starlette 1.0.1 fixes this by validating the Host header and falling back to ASGI scope data when the value is malformed.
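An added illustration of the defensive pattern the fix describes (this is example code, not Starlette's implementation or the advisory's own analysis): derive the path from the ASGI scope, accept the Host header only when it is well-formed, and fail closed if a re-parsed URL ever disagrees with the scope path. The host grammar regex and the `/admin` prefix are assumptions for the demo.

```python
import re
from urllib.parse import urlsplit

# Assumption: a conservative host[:port] grammar (DNS name, IPv4, or bracketed IPv6).
# Illustrative only; Starlette 1.0.1 has its own validation logic.
_HOST_RE = re.compile(r"^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$")


def valid_host_header(value: str) -> bool:
    """True only for a syntactically plain host[:port] value."""
    return bool(_HOST_RE.fullmatch(value))


def header(scope: dict, name: str) -> str:
    """Fetch one header from an ASGI scope (case-insensitive, latin-1 as in ASGI)."""
    wanted = name.lower().encode("latin-1")
    for key, value in scope.get("headers", []):
        if key.lower() == wanted:
            return value.decode("latin-1")
    return ""


def effective_host(scope: dict) -> str:
    """Use Host only when well-formed; otherwise fall back to scope['server']."""
    host = header(scope, "host")
    if valid_host_header(host):
        return host
    server_host, server_port = scope["server"]
    return f"{server_host}:{server_port}"


def reconstruct_url(scope: dict) -> str:
    """Rebuild scheme://host/path from scope data and the (validated) host."""
    return f"{scope.get('scheme', 'http')}://{effective_host(scope)}{scope['path']}"


def path_is_consistent(scope: dict) -> bool:
    """Middleware check: the path parsed back out of the URL must equal scope['path']."""
    return urlsplit(reconstruct_url(scope)).path == scope["path"]


def requires_auth(scope: dict, protected: tuple = ("/admin",)) -> bool:
    """Authorization decision keyed on scope['path'], never on a header-derived URL.

    Any divergence between the re-parsed path and the scope path fails closed."""
    if not path_is_consistent(scope):
        return True
    return scope["path"].startswith(protected)


def make_scope(host: str, path: str) -> dict:
    """Constructed sample ASGI scope for the demo (not captured traffic)."""
    return {"type": "http", "scheme": "http", "server": ("127.0.0.1", 8000),
            "path": path, "headers": [(b"host", host.encode("latin-1"))]}
```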

CVEs: 1
CVSS score: pending
Weakness class: CWE-444
Attack vector: remote access required
