VYPR
Medium severity5.9GHSA Advisory· Published May 12, 2026· Updated May 14, 2026

CVE-2026-42545

CVE-2026-42545

Description

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a handled error. This vulnerability is fixed in 2.7.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
granianPyPI
>= 0.2.0, < 2.7.42.7.4

Affected products

4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.