[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":40,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":47,"vulnerability-29366":53,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":81},[4,15,24,29,35],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - CVE Page","nginx-rift-cve-page","🚨 New: FREE SCANNER for NGINX Rift (CVE-2026-42945). No account needed.","https://pentest-tools.com/network-vulnerability-scanning/cve-2026-42945-scanner-nginx-rift",true,[11],"/vulnerabilities-exploits/nginx-heap-buffer-overflow_29311","Scan for free","secondary","nginx-rift",{"title":16,"slug":17,"text":18,"link":19,"external":9,"targets":20,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Network Scanner","nginx-rift-network-scanner","🚨 Detection for NGINX Rift (CVE-2026-42945) now live. Are you exposed?","https://pentest-tools.com/pricing",[21],"/network-vulnerability-scanning/network-security-scanner-online","Find out with any plan","primary",{"title":25,"slug":26,"text":18,"link":19,"external":9,"targets":27,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Port Scanner","nginx-rift-port-scanner",[28],"/network-vulnerability-scanning/port-scanner-online-nmap",{"title":30,"slug":31,"text":32,"link":8,"external":9,"targets":33,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - VulnDB Index","nginx-rift-vulndb","🚨 New: free scanner for NGINX Rift (CVE-2026-42945). Check your targets now.",[34],"/vulnerabilities-exploits",{"title":36,"slug":37,"text":32,"link":8,"external":9,"targets":38,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 -blog","nginx-rift-blog",[39],"/blog",["Island",41],{"key":42,"params":43,"result":45},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":44},"{}",{"head":46},{},["Island",48],{"key":49,"params":50,"result":51},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":44},{"head":52},{},{"id":54,"detectable_with":55,"vuln_details":62,"vuln_id":78,"name":79,"published":80,"updated":63},29366,{"tool":56,"engine":59},{"id":57,"name":58},1,"Network Scanner",{"id":60,"name":61},2,"Nuclei",{"id":54,"codename":63,"description":63,"severity":64,"risk_description":65,"public_description":66,"public_recommendation":67,"recommendation":63,"references":68,"cvssv3":71,"epss_score":72,"epss_percentile":73,"cve":74,"in_cisa_catalog":76,"date":77,"software_type":63,"vendor":63,"product":63,"ptt_exploit_capabilities":63},null,"medium","A remote attacker can exploit this vulnerability by sending a specially crafted HTTP Host header in a request to a Starlette-based application. Due to improper validation of the Host header, security restrictions that rely on request.url for enforcement may be bypassed. This allows attackers to gain unauthorized access to endpoints protected by middleware or path-based checks, potentially leading to privilege escalation, information disclosure, or unauthorized actions.","A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading to a discrepancy with the actual requested path. Consequently, security restrictions enforced by middleware and endpoints that rely on request.url for validation could be bypassed, potentially allowing unauthorized access or actions.","Upgrade Starlette to >= 1.0.1 to address this vulnerability.If immediate patching is not possible, implement strict Host header validation in a reverse proxy or web server (such as nginx or Apache) to only allow expected Host values, mitigating the risk of URL-based restriction bypass.",[69,70],"https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr","https://nvd.nist.gov/vuln/detail/CVE-2026-48710",6.5,0.00353,0.57981,[75],"CVE-2026-48710",false,"2026-05-26T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2026-48710","Starlette - Improper Validation of Unsafe Equivalence in Input","2026-06-05T00:00:00Z",["Island",82],{"key":83,"params":84,"result":86},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":85},"{\"text-color\":\"gray\"}",{"head":87},{}]