CVE-2026-32632: FastAPI Missing TrustedHostMiddleware
greprules fetch cve-2026-32632-fastapi-missing-trustedhost-middleware --engine opengrep

Description
The FastAPI application is instantiated without the `TrustedHostMiddleware`. This can expose the service to DNS rebinding attacks if it is reachable on localhost or an internal network and not situated behind a reverse proxy that actively filters the `Host` header. Consider adding `TrustedHostMiddleware` to restrict access by enforcing an allowed list of hos