Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary
| CVE | CVE-2026-48818 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-17 19:18:09 UTC |
| Updated | 2026-06-30 03:20:27 UTC |
| Description | Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \\attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s NTLMv2 credentials for offline cracking or relay even though the HTTP response is only a 404. The issue affects default follow_symlink=False deployments, including frameworks built on Starlette such as FastAPI; POSIX systems and follow_symlink=True are unaffected. The issue is fixed in 1.1.0. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.003680000 probability, percentile 0.287690000 (date 2026-07-04)
Problem Types: CWE-918 | CWE-918 CWE-918: Server-Side Request Forgery (SSRF) | CWE-918 Server-Side Request Forgery (SSRF)
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | [email protected] | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | CNA | DECLARED | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Kludex | Starlette | affected < 1.1.0 | Not specified |
| ADP | Red Hat | Red Hat AI Inference Server 3.3 | Not specified | Not specified |
| ADP | Red Hat | Exploit Intelligence | Not specified | Not specified |
| ADP | Red Hat | Migration Toolkit For Applications 8 | Not specified | Not specified |
| ADP | Red Hat | OpenShift Lightspeed | Not specified | Not specified |
| ADP | Red Hat | Red Hat AI Inference Server | Not specified | Not specified |
| ADP | Red Hat | Red Hat Ansible Automation Platform 2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AI RHEL AI 3 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Hardened Images | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift AI RHOAI | Not specified | Not specified |
| ADP | Red Hat | Red Hat Satellite 6 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48818.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| access.redhat.com/security/cve/CVE-2026-48818 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/Kludex/starlette/pull/3287 | [email protected] | github.com | Patch |
| access.redhat.com/errata/RHSA-2026:30089 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/Kludex/starlette/security/advisories/GHSA-wqp7-x3pw-xc5r | [email protected] | github.com | Mitigation, Vendor Advisory |
| access.redhat.com/errata/RHSA-2026:30087 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:30088 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/Kludex/starlette/releases/tag/1.1.0 | [email protected] | github.com | Release Notes |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| github.com/Kludex/starlette/commit/fd53168a7767b6b55ba5af787fd88f49e33cabc5 | [email protected] | github.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-06-17T19:03:44.998Z | Reported to Red Hat. |
| ADP | 2026-06-17T17:50:12.399Z | Made public. |
Solutions
ADP: RHSA-2026:30089: Red Hat AI Inference Server 3.3
ADP: RHSA-2026:30088: Red Hat AI Inference Server 3.3
ADP: RHSA-2026:30087: Red Hat AI Inference Server 3.3
Workarounds
ADP: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
There are currently no legacy QID mappings associated with this CVE.