Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-25478
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-09 Feb, 2026 | 18:46
Updated At-10 Feb, 2026 | 16:01
Rejected At-
▼CVE Numbering Authority (CNA)
Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicious origin can match unexpectedly. The check relies on allowed_origins_regex.fullmatch(origin). This vulnerability is fixed in 2.20.0.

Affected Products
Vendor
litestar-org
Product
litestar
Versions
Affected
  • < 2.20.0
Problem Types
TypeCWE IDDescription
CWECWE-942CWE-942: Permissive Cross-domain Policy with Untrusted Domains
Type: CWE
CWE ID: CWE-942
Description: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/litestar-org/litestar/security/advisories/GHSA-2p2x-hpg8-cqp2
x_refsource_CONFIRM
https://github.com/litestar-org/litestar/commit/eb87703b309efcc0d1b087dcb12784e76b003d5a
x_refsource_MISC
https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0
x_refsource_MISC
https://github.com/litestar-org/litestar/releases/tag/v2.20.0
x_refsource_MISC
Hyperlink: https://github.com/litestar-org/litestar/security/advisories/GHSA-2p2x-hpg8-cqp2
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/litestar-org/litestar/commit/eb87703b309efcc0d1b087dcb12784e76b003d5a
Resource:
x_refsource_MISC
Hyperlink: https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0
Resource:
x_refsource_MISC
Hyperlink: https://github.com/litestar-org/litestar/releases/tag/v2.20.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found