vLLM A.I CyberSecurity Scoring
vLLM
Company Information
Website:https://github.com/vllm-project/vllm
Employees number:20
Number of followers:14,771
NAICS:5112
Industry Type:Software Development
Homepage:github.com
vLLM Risk Score (AI oriented)
Between 700 and 749
vLLMSoftware Development
Updated:
27/05/2026
27/05/2026
747/1000
Moderate
Ba
vLLM Global Score (TPRM)
xxxx
vLLMSoftware Development
Score locked

vLLMModerate
Current Score
747Ba (MODERATE)
01000
1 incidents
-3 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748
JUNE 2026
748
MAY 2026
750
Vulnerability
27 May 2026 • vLLM
vLLM, FastAPI and Model Context Protocol: BadHost Vulnerability Exposes Sensitive AI Agent Server Endpoints to Attackers
Critical 'BadHost' Vulnerability in Starlette Exposes AI Applications to Unauthorized Access
747
CRITICAL-3
OBOVLLFAS1779892255
Critical "BadHost" Vulnerability in Starlette Exposes AI Applications to Unauthorized Access
A severe security flaw, CVE-2026-48710 (BadHost), has been discovered in the Starlette web framework, putting thousands of AI-powered applications and API services at risk of exploitation. Identified by X41 D-Sec during an OSTIF-sponsored audit, the vulnerability allows attackers to manipulate HTTP request processing, potentially bypassing authentication and accessing restricted endpoints.
The issue stems from improper sanitization of the HTTP Host header in earlier Starlette versions. By crafting malicious requests, attackers can alter the `request.url` object, tricking applications into misclassifying protected routes as legitimate. This enables the bypass of path-based authentication middleware, a common security measure in AI infrastructure, without requiring valid credentials.
The impact is widespread, affecting FastAPI-based services, inference servers (vLLM, LiteLLM), Model Context Protocol (MCP) servers, OpenAI-compatible APIs, and custom AI frameworks. Many AI deployments rely on URL path validation for access control, making them particularly vulnerable. Exploitation could lead to unauthorized access to AI models, data exfiltration, or abuse of compute resources.
Security researchers warn that exploitation is straightforward and does not require authentication, increasing the risk. Attackers could expose hidden endpoints, facilitate lateral movement in poorly segmented AI environments, or compromise sensitive data.
A patch has been released in Starlette 1.0.1, and additional mitigations include strict Host header validation at the application and proxy levels and avoiding sole reliance on path-based access controls. Automated scanning tools, such as Nemesis, can help identify vulnerable deployments.
The vulnerability highlights the growing security risks at the intersection of web frameworks and AI infrastructure, emphasizing the need for proactive patching and robust input validation as AI systems scale.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
750
MARCH 2026
750
FEBRUARY 2026
750
JANUARY 2026
750
DECEMBER 2025
750
NOVEMBER 2025
750
OCTOBER 2025
750
SEPTEMBER 2025
750
AUGUST 2025
750
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for vLLM ??
What was vLLM's A.I Rankiteo Cyber Score in June 2026 ??
What was vLLM's A.I Rankiteo Cyber Score in May 2026 ??
What was vLLM's A.I Rankiteo Cyber Score in April 2026 ??
What was vLLM's A.I Rankiteo Cyber Score in March 2026 ??
What was vLLM's A.I Rankiteo Cyber Score in February 2026 ??
What was vLLM's A.I Rankiteo Cyber Score in January 2026 ??
What was vLLM's A.I Rankiteo Cyber Score in December 2025 ??
What was vLLM's A.I Rankiteo Cyber Score in November 2025 ??
What was vLLM's A.I Rankiteo Cyber Score in October 2025 ??
What was vLLM's A.I Rankiteo Cyber Score in September 2025 ??
What was vLLM's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on vLLM's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with vLLM ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view vLLM's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?