CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-25479

The Dot That Killed the Host: Litestar AllowedHosts Bypass

Alon Barad
Alon Barad
Software Engineer

Feb 9, 2026·5 min read·16 visits

Executive Summary (TL;DR)

Litestar < 2.20.0 treats dots in 'allowed_hosts' as regex wildcards. 'example.com' matches 'exampleXcom'. This allows Host Header Injection.

A classic regular expression logic flaw in Litestar's AllowedHostsMiddleware allows attackers to bypass host header validation. By failing to escape the dot character in configured hostnames, the middleware interprets them as regex wildcards, enabling Host Header Injection attacks.

The Hook: Trust Issues

In the chaotic world of web security, the Host header is often the only thing tethering an application to reality. It tells the backend, 'Hey, I'm serving traffic for this domain.' When frameworks blindly trust this header, we get Host Header Injection—a vulnerability that serves as the gateway drug to cache poisoning, password reset hijacking, and illicit redirects.

To combat this, responsible frameworks like Litestar implement an AllowedHostsMiddleware. It’s essentially a bouncer at the club door, checking the ID of every incoming request against a VIP list. If your name isn't on the list, you don't get in. Simple, right?

Well, it turns out the bouncer had a bit of a reading comprehension problem. In Litestar versions prior to 2.20.0, the logic used to verify these hosts contained a subtle but devastating flaw in how it handled regular expressions. It’s a textbook example of why 'string' and 'regex pattern' are not synonyms, and why assuming they are is a great way to get your application pwned.

The Flaw: When a Dot is Not a Dot

The vulnerability stems from a fundamental misunderstanding of how Python's re module consumes strings. When a developer configures allowed_hosts=["api.example.com"], they intend for that string to be a literal match. They want the middleware to say, 'If the host is exactly api.example.com, allow it.'

However, Litestar took these configuration strings and fed them directly into a regular expression compiler without escaping them first. In the regex world, the dot character (.) is a diva. It doesn't just sit there being a period; it acts as a wildcard that matches any single character (except a newline).

So, to the Litestar middleware, the configuration api.example.com wasn't a strict domain name. It was interpreted as the regex pattern api.example.com. This means it would happily match api.example.com, but it would also match api-example.com, apiXexample.com, or api/example.com. The bouncer wasn't checking for your specific ID; he was checking if your name had roughly the right number of letters.

The Code: The Smoking Gun

Let's look at the code that caused the headache. The issue resided in litestar/middleware/allowed_hosts.py. The middleware took the list of allowed hosts and compiled them directly. Here is a reconstruction of the logic flaw:

# THE VULNERABLE LOGIC
import re
 
allowed_hosts = ["api.example.com"]
# The framework compiled the string directly as a regex pattern
regex_pattern = re.compile(f"^({'|'.join(allowed_hosts)})$", flags=re.IGNORECASE)
 
# This matches the legitimate host...
print(bool(regex_pattern.match("api.example.com")))  # True
 
# ...but also matches this malicious one:
print(bool(regex_pattern.match("api-example.com")))  # True (OOPS)

The fix was painfully simple but critical. The developers needed to ensure that the configuration strings were treated as literals, not patterns. Python's standard library provides re.escape() for exactly this purpose.

# THE FIX (v2.20.0)
import re
 
allowed_hosts = ["api.example.com"]
 
# Escape the strings first! 
# "api.example.com" becomes "api\.example\.com"
escaped_hosts = [re.escape(h) for h in allowed_hosts]
 
regex_pattern = re.compile(f"^({'|'.join(escaped_hosts)})$", flags=re.IGNORECASE)
 
# Now the malicious host is rejected
print(bool(regex_pattern.match("api-example.com")))  # False

The Exploit: Poisoning the Well

How do we weaponize a stray dot? The goal here is Host Header Injection. Since the middleware validates the Host header before the application processes it, bypassing this check allows us to trick the application into thinking it resides at a domain controlled by the attacker.

Scenario: You are targeting a password reset flow on sso.corp.com. The application generates reset links using the incoming Host header because the developers were too lazy to hardcode the canonical URL.

  1. Reconnaissance: You determine the target is running an older version of Litestar.
  2. Registration: You register the domain sso-corp.com (note the hyphen).
  3. The Attack: You send a password reset request for a victim user, but you manipulate the Host header:
POST /reset-password HTTP/1.1
Host: sso-corp.com
Content-Type: application/json
 
{"email": "admin@corp.com"}
  1. The Bypass: The regex sso.corp.com matches sso-corp.com. The middleware says "Pass."
  2. The Impact: The application generates a reset email containing: https://sso-corp.com/reset-token?user=admin

When the admin clicks that link, they aren't going to the corporate SSO. They are landing on your server, where you harvest the token and take over the account.

The Mitigation: Escape Your Inputs

For developers using Litestar, the path forward is straightforward: Upgrade to version 2.20.0 immediately. This version includes the patch that applies re.escape() to all host entries.

If you are stuck on an older version and cannot upgrade (why?), you have a manual workaround: escape the dots in your configuration yourself.

Instead of: allowed_hosts=["api.example.com"]

Use: allowed_hosts=["api\\.example\\.com"]

However, relies on you remembering to double-escape backslashes in your config files, which is error-prone. The real lesson here is about defensive coding. Never assume a string is just a string when passing it to a regex engine. If you aren't writing a regex pattern, escape it. Always.

Official Patches

LitestarFix commit implementing re.escape()

Fix Analysis (1)

Technical Appendix

CVSS Score
6.5/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Systems

Litestar Framework (Python)

Affected Versions Detail

Product
Affected Versions
Fixed Version
Litestar
Litestar Organization
< 2.20.02.20.0
AttributeDetail
CWE IDCWE-185 (Incorrect Regular Expression)
CVSS Score6.5 (Medium)
Attack VectorNetwork
ConfidentialityLow
IntegrityLow
Exploit StatusPoC Available

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1557Adversary-in-the-Middle
Credential Access
CWE-185
Incorrect Regular Expression

Known Exploits & Detection

GitHub Security AdvisoryOfficial advisory describing the regex bypass mechanism.

Vulnerability Timeline

Internal identification of the issue.
2025-12-14
CVE-2026-25479 Published.
2026-02-09
Litestar v2.20.0 Released with fix.
2026-02-09

References & Sources

  • [1]GitHub Advisory GHSA-93ph-p7v4-hwh4
  • [2]Litestar v2.20.0 Release Notes

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 3 hours ago•CVE-2026-48861
2.1

CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

CVE-2026-48861 is a client-side HTTP request-line CRLF (Carriage Return Line Feed) injection vulnerability in the popular Elixir HTTP client library, Mint. The vulnerability permits HTTP Request Splitting and HTTP Request Smuggling when an application forwards untrusted, attacker-controlled inputs to Mint's HTTP client requests as either the HTTP request method or target. By embedding CRLF characters within these parameters, an attacker can terminate the request line prematurely, inject malicious headers, or pipeline entirely independent requests. These smuggled requests are then processed by upstream or downstream proxy servers as separate HTTP queries on the same TCP connection. While Mint version 1.7.0 introduced target validation to secure the request target, the HTTP request method parameter remained completely unvalidated. This flaw allows attackers to bypass routing filters, access restricted internal APIs, or poison HTTP caches under default configurations.

Amit Schendel
Amit Schendel
3 views•7 min read
•about 3 hours ago•CVE-2026-49753
6.3

CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

An Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) vulnerability in the Elixir Mint HTTP client allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections due to over-lenient parsing of sign-prefixed Content-Length headers.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 4 hours ago•CVE-2026-49754
8.2

CVE-2026-49754: Denial of Service via Unbounded HTTP/2 CONTINUATION Frame Accumulation in Elixir Mint

An allocation of resources without limits or throttling vulnerability in Elixir Mint allows an attacker-controlled HTTP/2 server to exhaust memory in a Mint client. The vulnerability is exploited by sending a HEADERS frame without the END_HEADERS flag followed by an infinite stream of CONTINUATION frames. Because the client lacks limits on the incoming header-block accumulator, the client continuously consumes memory until an out-of-memory crash occurs.

Amit Schendel
Amit Schendel
6 views•6 min read
•about 4 hours ago•CVE-2026-48596
2.1

CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

CVE-2026-48596 is an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting, CWE-113) in the Elixir Tesla HTTP client. The flaw resides in how multipart content-type parameters are joined and serialized, enabling attackers to inject arbitrary headers or split HTTP requests when applications pass untrusted inputs to the parameters of multipart uploads.

Alon Barad
Alon Barad
4 views•6 min read
•about 5 hours ago•CVE-2026-48594
8.2

CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

An improper handling of highly compressed data (decompression bomb) vulnerability exists in the Elixir Tesla HTTP client when utilizing response decompression middlewares. By serving highly compressed responses or stacked content-encoding headers, a malicious server can cause arbitrary heap exhaustion, leading to a denial of service (DoS) crash in the BEAM virtual machine.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 5 hours ago•CVE-2026-48595
8.2

CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

A high-severity security vulnerability in Elixir's Tesla HTTP client library (CVE-2026-48595) allows unauthenticated remote attackers to harvest sensitive credentials, including Authorization headers and cookies. The flaw resides in the 'Tesla.Middleware.FollowRedirects' component, which performs case-sensitive lookups when stripping credentials during cross-origin redirects. Because HTTP headers are case-insensitive by RFC specifications, standard canonical casing (e.g., 'Authorization') bypasses the lowercase-only blocklist, leaking tokens to untrusted external redirect destinations.

Alon Barad
Alon Barad
5 views•5 min read