CVE-2026-48818 | Severity: HIGH | CNA: GitHub_M

CVE-2026-48818: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as \\attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account's NTLMv2 credentials for offline cracking or relay even though the HTTP response is only a 404. The issue affects default follow_symlink=False deployments, including frameworks built on Starlette such as FastAPI; POSIX systems and follow_symlink=True are unaffected. The issue is fixed in 1.1.0.

Metrics

CVSS v3.1 base score: 7.5
Severity: HIGH
Fixed in: (none listed)
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a Server-Side Request Forgery (SSRF) vulnerability in the Starlette ASGI framework's StaticFiles component on Windows. An unauthenticated remote attacker can send a crafted HTTP request containing a UNC path (for example, \\attacker.com\share) that causes the Windows host to initiate an outbound SMB connection to an attacker-controlled server before Starlette returns a 404. The outbound SMB handshake exposes the service account's NTLMv2 credential hash, which the attacker can crack offline or relay to authenticate elsewhere on the network. No fix version has been published yet; HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as an upstream fix is released.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-48818 is available across every HarborGuard environment. The CVE is ingested from upstream feeds (including GitHub Advisory Database) within minutes of publication and matched against customer images, including custom-built images that bundle Starlette or frameworks layered on top of it such as FastAPI.
Triage: Available

Triage is available using the CVSS v3.1 base score of 7.5 (HIGH), with per-environment compliance policy weighting applied to prioritize findings according to each customer organization's risk thresholds. Routed findings land in the inbox of the team or individual designated for the affected workload inside each customer organization.
Patch: Pending upstream

Because no upstream fix version has been published, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available the moment Starlette 1.1.0 or a subsequent fix release appears in the upstream feed. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to send HTTP requests to the Starlette StaticFiles endpoint over the network; no local access is needed.

  • Authentication: Not required

    No account or credential is needed; the malicious UNC path request can be sent by any unauthenticated HTTP client.

  • Victim interaction: Not required

    No user action is required; the vulnerable path resolution happens automatically when Starlette processes the attacker's request.

  • Attack complexity: Low (AC:L in the CVSS vector)

    Exploitation is reliable and condition-free on any Windows host running an affected Starlette version with the default follow_symlink=False configuration; no race condition or special memory layout is required.

Blast Radius

  • The service account's NTLMv2 credential hash is captured by the attacker's SMB listener and can be cracked offline to recover the plaintext password.
  • The captured hash can be relayed immediately in an NTLM relay attack to authenticate to other Windows services on the internal network without cracking.
  • Any resource accessible to the service account, such as file shares, internal APIs, or domain-joined systems, becomes reachable to the attacker after a successful relay or crack.
  • Confidentiality of the host environment is compromised; integrity and availability are not directly affected by this vulnerability.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix for CVE-2026-48818 exists yet, the platform monitors the Starlette advisory on every ingest cycle and will automatically trigger a patched-image rebuild and, for customers with auto-remediation enabled, open a regression-tested PR against affected workloads the moment version 1.1.0 or a later fix is published upstream.

In the interim, compensating controls are worth considering for affected Windows-hosted workloads: network-policy rules that block outbound SMB (TCP/UDP 445) from container workloads prevent the credential-exposing connection from completing even when a malicious request is received; egress filtering to restrict outbound traffic to known destinations adds a second layer; and where the StaticFiles route is not required, disabling or routing around that middleware via a feature-flag or configuration change removes the attack surface entirely. Customers can use HarborGuard policy tagging to flag images containing starlette < 1.1.0 as non-compliant and gate deployments accordingly until the upstream patch is available.
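A request-level compensating control for the UNC case, added here as an example and not code from Starlette or HarborGuard: a dependency-free ASGI wrapper (the class name, the helper names and the probe harness are assumptions) that answers 404 for any path containing a backslash, a leading `//`, or a drive-letter segment, so the request never reaches StaticFiles and os.path.realpath is never called with it. It goes slightly beyond the advisory by also catching drive-letter segments, and uses ntpath so the same check runs on POSIX hosts.

```python
import asyncio
import ntpath
from urllib.parse import unquote


def looks_like_windows_remote_path(path: str) -> bool:
    """True if a request path could be read by Windows path APIs as UNC
    (\\\\host\\share, //host/share, \\\\?\\...) or as drive-rooted (C:).
    ntpath is used so the check behaves identically on POSIX hosts."""
    decoded = unquote(path)        # also catch %5C%5C-encoded backslashes
    if "\\" in decoded or decoded.startswith("//"):
        return True                # neither belongs in a static-file URL
    # A segment such as "C:" would re-root os.path.join on Windows.
    return any(ntpath.splitdrive(seg)[0] for seg in decoded.split("/"))


class UncPathGuard:
    """Pure-ASGI wrapper (hypothetical name): answers 404 for suspicious paths
    without calling the wrapped app, so os.path.realpath is never reached."""

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and looks_like_windows_remote_path(scope["path"]):
            await send({"type": "http.response.start", "status": 404,
                        "headers": [(b"content-type", b"text/plain")]})
            await send({"type": "http.response.body", "body": b"Not Found"})
            return
        await self.app(scope, receive, send)


async def _probe(path: str):
    """Drive the guard with a constructed scope; return (status, inner_called)."""
    calls, sent = [], []

    async def inner(scope, receive, send):   # stand-in for StaticFiles
        calls.append(scope["path"])
        await send({"type": "http.response.start", "status": 200, "headers": []})
        await send({"type": "http.response.body", "body": b"ok"})

    async def send(message):
        sent.append(message)

    await UncPathGuard(inner)({"type": "http", "path": path}, None, send)
    return sent[0]["status"], bool(calls)


def probe(path: str):
    return asyncio.run(_probe(path))   # sync helper for the demo and tests
```

Mount the guard around the StaticFiles app (or the whole application) on Windows hosts; it is a stopgap, not a substitute for upgrading to a fixed release.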

Affected packages

  • Kludex / starlette: < 1.1.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N