Granian: DoS via WSGI response header panic_CVE-2026-42545

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a handled error. This vulnerability is fixed in 2.7.4.

Basic Information

ID CVE-2026-42545

Source GitHub_M

Published May 12, 2026 at 21:51

Affected Product

Vendor emmett-framework

Product granian

Version >= 0.2.0, < 2.7.4

Affected Versions emmett-framework granian >= 0.2.0, < 2.7.4

CWE Classification

CWE-248 CWE-755

References

github.com /emmett-framework/granian/security/advisories/GHSA-f5p7-9fr5-8jmj

{
    "lastseen": "",
    "description": "Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a handled error. This vulnerability is fixed in 2.7.4.",
    "published": "2026-05-12T21:51:47.473Z",
    "modified": "2026-05-12T21:51:47.473Z",
    "type": "cve",
    "title": "Granian: DoS via WSGI response header panic",
    "source": "GitHub_M",
    "references": "https://github.com/emmett-framework/granian/security/advisories/GHSA-f5p7-9fr5-8jmj",
    "id": "CVE-2026-42545",
    "bulletinFamily": "",
    "cwe": [
        "CWE-248",
        "CWE-755"
    ],
    "cvelist": null,
    "sourceData": "emmett-framework granian >= 0.2.0, < 2.7.4",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "granian",
    "version": ">= 0.2.0, < 2.7.4",
    "vendor": "emmett-framework",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}