A vulnerability classified as problematic has been found in withastro astro up to 6.4.5 . This impacts the function request.url of the component Host Header Handler . Performing a manipulation results in improper input validation. This vulnerability is reported as CVE-2026-54299 . The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.