What is CVE-2026-54282?

CVE-2026-54282 is a low-severity vulnerability in Kludex Starlette, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 3.7/10. Published 2026-06-22.

How severe is CVE-2026-54282?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Kludex Starlette

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating {scheme}://{host}{path} and re-parsing…

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Kludex Starlette — versions < 1.3.0

Weakness classification (CWE)

CWE-706 — Use of Incorrectly-Resolved Name or Reference

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-54282?: CVE-2026-54282 is a low-severity vulnerability in Kludex Starlette, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 3.7/10. Published 2026-06-22.
How severe is CVE-2026-54282?: Low severity. CVSS v3 base score is 3.7 out of 10.