{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T21:34:34.597","vulnerabilities":[{"cve":{"id":"CVE-2026-25479","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T20:15:57.177","lastModified":"2026-02-17T15:14:04.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., . matches any character). This enables a bypass where an attacker supplies a host that matches the regex but is not the intended literal hostname. This vulnerability is fixed in 2.20.0."},{"lang":"es","value":"Litestar es un framework de Interfaz de Pasarela de Servidor Asíncrono (ASGI). Antes de la 2.20.0, en litestar.middleware.allowed_hosts, las entradas de la lista de permitidos se compilan en patrones de expresiones regulares de una manera que permite que los metacaracteres de expresiones regulares conserven un significado especial (por ejemplo, . coincide con cualquier carácter). Esto permite una omisión donde un atacante proporciona un host que coincide con la expresión regular pero no es el nombre de host literal previsto. Esta vulnerabilidad se corrige en la 2.20.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-185"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litestar:litestar:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20.0","matchCriteriaId":"67E26161-0CDE-4B8F-A065-04A19BC4CDCB"}]}]}],"references":[{"url":"https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/litestar-org/litestar/commit/06b36f481d1bfea6f19995cfb4f203aba45c4ace","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/litestar-org/litestar/releases/tag/v2.20.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}