PT-2026-38269 · Granian · Granian

Published 2026-05-06 · Updated 2026-05-14 · CVE-2026-42545

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Granian versions 0.2.0 through 2.7.3

Description

Granian aborts a worker process when a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path calls .unwrap() on both the header name and header value constructors, so malformed output triggers a process abort rather than a handled error. Triggering the issue requires a buggy or attacker-influenced WSGI application to emit invalid headers, such as header names containing spaces or header values containing null bytes or \r. Consequently, application errors that should result in a 500 error instead lead to a worker process denial of service.

Recommendations

Update Granian to version 2.7.4.
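
As defence in depth on the application side, the sketch below is an added example (not Granian's code and not part of the original advisory): a WSGI middleware that checks response headers before they reach the server and answers with a handled 500 when a name or value is invalid. The validity rule is an assumption based on the RFC 9110 field grammar, and `HeaderGuard`, `invalid_headers` and `ERROR_BODY` are hypothetical names.

```python
import re

# RFC 9110 "token": the only characters allowed in a header field name.
_NAME_OK = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Control characters rejected in a field value (HTAB, 0x09, stays allowed).
_VALUE_BAD = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
ERROR_BODY = b"Internal Server Error"


def invalid_headers(headers):
    """Return the (name, value) pairs that are not valid HTTP header fields."""
    return [
        (name, value)
        for name, value in headers
        if not (isinstance(name, str) and isinstance(value, str)
                and _NAME_OK.fullmatch(name) and not _VALUE_BAD.search(value))
    ]


class HeaderGuard:
    """WSGI middleware: answer 500 instead of passing invalid headers on."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        state = {"bad": False}
        def guarded(status, headers, exc_info=None):
            bad = invalid_headers(headers)
            if not bad:
                return start_response(status, headers, exc_info)
            state["bad"] = True
            safe = [("Content-Type", "text/plain"),
                    ("Content-Length", str(len(ERROR_BODY)))]
            return start_response("500 Internal Server Error", safe, exc_info)

        return self._body(self.app(environ, guarded), state)

    def _body(self, result, state):
        try:
            for chunk in result:  # generator apps call start_response here
                if state["bad"]:
                    break
                yield chunk
            if state["bad"]:
                yield ERROR_BODY  # drop the app's body, send the 500 body
        finally:
            if hasattr(result, "close"):
                result.close()
```

Wrap the application object with `HeaderGuard(app)` before handing it to the server; this does not replace the update to 2.7.4.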

Exploit

Fix

DoS

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2026-42545
GHSA-F5P7-9FR5-8JMJ

Affected Products

Granian