ByteOS Network

granian

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-42545

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-5.9||MEDIUM

EPSS-Not Assigned

Published-12 May, 2026 | 21:51

Updated-12 May, 2026 | 22:16

Granian: DoS via WSGI response header panic

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a handled error. This vulnerability is fixed in 2.7.4.

Vendor-emmett-framework

Product-granian

CWE ID-CWE-248

Uncaught Exception

CWE ID-CWE-755

Improper Handling of Exceptional Conditions

CVE-2026-42544

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-7.5||HIGH

EPSS-Not Assigned

Published-12 May, 2026 | 21:46

Updated-12 May, 2026 | 22:16

Granian: Unauthenticated DoS via WebSocket subprotocol header panic

Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction path, before the ASGI application is invoked. This vulnerability is fixed in 2.7.4.

Vendor-emmett-framework

Product-granian

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-248

Uncaught Exception

CWE ID-CWE-400

Uncontrolled Resource Consumption