Skip to content

fix: upgrade starlette to 1.1.0 (CVE-2026-48818)#1391

Closed
orbisai0security wants to merge 1 commit into
Graphify-Labs:v8from
orbisai0security:fix-cve-2026-48818-starlette
Closed

fix: upgrade starlette to 1.1.0 (CVE-2026-48818)#1391
orbisai0security wants to merge 1 commit into
Graphify-Labs:v8from
orbisai0security:fix-cve-2026-48818-starlette

Conversation

@orbisai0security

Copy link
Copy Markdown
Contributor

Summary

Upgrade starlette from 1.0.0 to 1.1.0 to fix CVE-2026-48818.

Vulnerability

Field Value
ID CVE-2026-48818
Severity HIGH
Scanner trivy
Rule CVE-2026-48818
File uv.lock
Assessment Likely exploitable

Description: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Evidence

Scanner confirmation: trivy rule CVE-2026-48818 flagged this pattern.

Production code: This file is in the production codebase, not test-only code.

Threat Model Context

This is a Python library - vulnerabilities affect applications that import this code.

Changes

  • uv.lock

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

This change addresses a pattern flagged by static analysis. The code path handles user-influenced input and the fix reduces the attack surface against both manual and automated exploitation.


Automated security fix by OrbisAI Security

Automated dependency upgrade by OrbisAI Security
safishamsi added a commit that referenced this pull request Jun 24, 2026
starlette underpins the HTTP MCP transport (serve_http); graphify/serve.py
imports it directly (Starlette/Middleware/Route) but it was only present
transitively via mcp, with no version floor — so end users installing
graphifyy[mcp] could resolve a vulnerable starlette even after a lockfile bump.
Declare it in the mcp (and all) extras and floor at >=1.3.1, which carries the
fixes for both CVEs (1.3.1 >= the 1.1.0 fix for CVE-2026-48818 and is the fix
for CVE-2026-54283). Lock regenerated 1.0.0 -> 1.3.1.

Supersedes the lock-only bumps in #1391 and #1396 (both targeted 1.3.1 from a
stale base) with a pyproject floor that also protects end users. stdio MCP and
CLI are unaffected. serve/MCP/HTTP tests pass on 1.3.1; full suite 2393 passed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@safishamsi

Copy link
Copy Markdown
Collaborator

Landed on v8 (commit ec6b397). starlette is bumped to 1.3.1 (carries the fix for this CVE), and rather than only bumping the lockfile we floored starlette>=1.3.1 in the mcp (and all) extras in pyproject. That matters because graphify/serve.py imports starlette directly for the HTTP MCP transport but it was only an undeclared transitive dep via mcp — so a lock-only bump would protect dev/CI but not end users installing graphifyy[mcp], who resolve dependencies fresh. The floor protects them too. Verified: serve/MCP/HTTP tests pass on 1.3.1, full suite green. Closing as superseded by the pyproject-level fix. Thanks for the report! Note: 1.3.1 covers both CVE-2026-48818 and CVE-2026-54283, so this and #1396 are resolved by the same floor.

@safishamsi safishamsi closed this Jun 24, 2026
@orbisai0security

Copy link
Copy Markdown
Contributor Author

Thanks for the detailed explanation and for taking the time to land a proper fix rather than just merging the lock bump! The pyproject floor is clearly the right call. I hadn't considered that end users installing graphify[mcp] resolve deps fresh, so the lockfile wouldn't have protected them.

Good catch on 1.3.1 covering CVE-2026-54283 as well. I'll make sure future PRs from our scanner target the latest patched release rather than the minimum that fixes the flagged CVE.

safishamsi added a commit that referenced this pull request Jun 25, 2026
get_community shows the community name (#1448); starlette floored >=1.3.1 for
CVE-2026-48818 / CVE-2026-54283 (#1391, #1396); begin per-language extractor
split into graphify/extractors/ (#1212); parallel community labeling via
--max-concurrency / --batch-size (#1390); reflect dedups dead-ends/corrections;
and the work-memory loop no longer depends on the git hook (reflect --if-stale).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants