3 posts

#vllm

The Real BadHost Risk: MCP Servers, vLLM, and the Proxy Gap
Open Source#starlette#cve-2026-48710#badhost#security

The Real BadHost Risk: MCP Servers, vLLM, and the Proxy Gap

CVSS 6.5 misses the mark. Why MCP servers and proxy-less AI agent stacks face disproportionate exposure from BadHost.

Creeta
Creeta
vLLM v0.22.0 RC3: Multi-API-Server Timeout Fix Explained
Open Source#vllm#open-source#distributed-inference#llm-infrastructure

vLLM v0.22.0 RC3: Multi-API-Server Timeout Fix Explained

RC3 patches a hard-coded 60s startup timeout in vLLM's multi-API-server subsystem — here's what changed and what operators must configure.

Creeta
Creeta
Starlette BadHost: CVE-2026-48710 Auth Bypass in AI Agent Stacks
Open Source#starlette#security#cve#fastapi

Starlette BadHost: CVE-2026-48710 Auth Bypass in AI Agent Stacks

Starlette BadHost (CVE-2026-48710): a crafted Host header bypasses auth middleware. Unproxied AI agents at highest risk.

Creeta
Creeta
Showing 3 of 3 posts