Skip to content

Bump starlette in v1 to fix CVE-2026-48710 #6038

Open
Bug
Open
Bump starlette in v1 to fix CVE-2026-48710#6038
Bug
Assignees
surajksharma07
Labels
web[Component] This issue will be transferred to adk-web
@lucasoshiro

Description

@lucasoshiro
lucasoshiro
opened on Jun 9, 2026

🔴 Required Information

Currently, ADK v1 requires starlette prior to version 1, which contains the vulnerability reported in CVE-2026-48710. It was already fixed in v2 (#5894) but not in v1.

Describe the Bug:
ADK v1 depends on an outdated version of starlette that needs to be bumped to address CVE-2026-48710.

Metadata

Metadata

Assignees

Labels

web[Component] This issue will be transferred to adk-web

Type

Bug

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions