Summary
The current self-hosted data-plane images
public.ecr.aws/braintrust/standalone-api:v2.1.1 and
public.ecr.aws/braintrust/brainstore:v2.1.1 (pinned by Helm chart 6.2.2,
the latest as of 2026-05-28) include starlette < 1.0.1 in their
dependency tree, which is affected by CVE-2026-48710 / GHSA-86qp-5c8j-p5mr
(CVSS 6.5, "BadHost" Host-header path poisoning).
starlette 1.0.1 (the fix) was released 2026-05-21, but the v2.1.1 images
were built 2026-05-08 — before the fix — so they still carry the vulnerable
version. No newer image tag or chart release currently addresses it.
Vulnerability
starlette < 1.0.1 does not validate the HTTP Host header before constructing
request.url. A Host header containing a path component poisons
request.url.path while the ASGI-routed request.scope["path"] is unchanged,
allowing middleware that relies on request.url.path for auth/routing to be
bypassed.
Advisory: GHSA-86qp-5c8j-p5mr
Fix release: https://pypi.org/project/starlette/1.0.1/
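As a compensating control while the rebuilt image is pending, the following is an added example (not Braintrust or starlette code) of a plain ASGI middleware that rejects requests whose Host header is not a bare authority (hostname or IP with optional port), which is the validation starlette 1.0.1 adds, and that keys its auth gate off scope["path"] rather than request.url.path. The /admin gate, the header values and the scopes are constructed for illustration.

```python
import asyncio
import re
from typing import List, Optional, Tuple

# Bare authority only: reg-name or IPv4, or bracketed IPv6, each with optional ":port".
# A "/", "?", "#", "@" or whitespace in the value means it is not a plain Host.
_HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$"
)

def valid_host_header(value: str) -> bool:
    """True if value is host[:port] with no path, query or userinfo component."""
    return bool(_HOST_RE.fullmatch(value))

def header(scope: dict, name: bytes) -> Optional[str]:
    for k, v in scope.get("headers", []):
        if k.lower() == name:
            return v.decode("latin-1")
    return None

async def _reply(send, status: int, body: bytes) -> None:
    await send({"type": "http.response.start", "status": status,
                "headers": [(b"content-type", b"text/plain")]})
    await send({"type": "http.response.body", "body": body})

def host_guard(app):
    """ASGI middleware: 400 on a malformed Host; auth decisions use scope['path'] only."""
    async def wrapped(scope, receive, send):
        if scope["type"] != "http":
            return await app(scope, receive, send)
        host = header(scope, b"host")
        if host is None or not valid_host_header(host):
            return await _reply(send, 400, b"bad host header")
        # The ASGI-routed path is what was actually matched; never gate on request.url.path.
        if scope["path"].startswith("/admin") and header(scope, b"authorization") is None:
            return await _reply(send, 401, b"auth required")
        return await app(scope, receive, send)
    return wrapped

async def _ok(scope, receive, send):
    await _reply(send, 200, b"ok")

def status_for(path: str, headers: List[Tuple[bytes, bytes]]) -> int:
    """Drive the middleware with a constructed ASGI scope; return the response status."""
    sent = []
    async def send(msg): sent.append(msg)
    async def receive(): return {"type": "http.request", "body": b""}
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    asyncio.run(host_guard(_ok)(scope, receive, send))
    return sent[0]["status"]
```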
Affected
- Image: public.ecr.aws/braintrust/standalone-api (and brainstore)
- Tag: v2.1.1 (built 2026-05-08), pinned by chart braintrust 6.2.2
- starlette versions observed in deps: 0.49.3, 1.0.0
Request
Please publish a rebuilt data-plane image (and a chart release that pins it)
with starlette >= 1.0.1. We're tracking this internally and would
appreciate an ETA so we can schedule the upgrade.
Verification we'll run on the new image
docker run --rm public.ecr.aws/braintrust/standalone-api: pip show starlette
expect: Version: 1.0.1 (or higher)
A couple of judgment calls worth flagging:
- I kept the issue non-exploit-detail and fix-focused — appropriate for a public issue on a known/published CVE.
- If you'd rather not open it publicly at all, the email-only route is fine; the chart repo issue just tends to get faster maintainer eyes.