Vulnerability in Starlette ASGI Framework Affects Request URL Reconstruction
CVE-2026-54282

3.7 LOW

Key Information:

Vendor: Kludex

Status
Vendor
CVE Published: 22 June 2026

What is CVE-2026-54282?

The Starlette ASGI framework does not validate the HTTP request path before using it to reconstruct the request URL. An attacker can craft a path that causes the reconstructed request.url to be parsed incorrectly, so that the application trusts a host supplied by the attacker, potentially redirecting sensitive requests. This issue is resolved in version 1.3.0.

Affected Version(s)

starlette < 1.3.0

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
