Millions of AI agents imperiled by critical vulnerability in open source package

Ars Technica AI · Dan Goodin · 2026-05-26

A critical, trivially-exploitable vulnerability in Starlette, a Python ASGI framework downloaded 325 million times weekly and underlying FastAPI and MCP server implementations, puts millions of AI agents at risk of credential theft and server compromise.

Open original ↗

Appears in

AI as Attack Tool and Attack Target: May 2026 Cybersecurity Moment

Extraction

Topics: ai-securitymcp-securityopen-source-securitypython-security

Claims

A critical vulnerability in Starlette, the ASGI framework underlying FastAPI and thousands of other Python projects, is trivially exploitable and affects millions of servers.
Starlette is downloaded 325 million times per week, making the blast radius of this vulnerability exceptionally large.
Because MCP servers store credentials for external services including databases, email, and calendar accounts, a successful exploit can yield access to wide ranges of connected resources.
The vulnerability is particularly dangerous for AI agent deployments because ASGI and Starlette underpin the MCP servers that connect agents to external tools and data sources.

Key quotes

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts.

ASGI, and by extension Starlette, have access to servers running the MCP (model context protocol), which allows AI agents from major providers to access external sources, including user data bases, email and calendar accounts, and all manner of other resources.