HTTP Server Vulnerability in Granian by Emmett Framework
CVE-2026-42545

5.9 MEDIUM

Key Information:

CVE Published: 12 May 2026

What is CVE-2026-42545?

Granian, an HTTP server used by Python applications, aborts a worker process if a WSGI application emits invalid HTTP response header names or values. The cause is the server's use of .unwrap() in its response conversion path: malformed output is not handled as an error, so the worker process terminates abruptly instead of going through proper error handling. The issue is fixed in version 2.7.4.
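
A defensive check for the failure mode described above, as an added example (not Granian's code and not the fix shipped in 2.7.4): a WSGI middleware that validates response headers before they reach the server and answers 500 instead. The names `HeaderGuard` and `invalid_headers` and the RFC 9110-based validity rules are assumptions of this example.

```python
import logging
import re

log = logging.getLogger("header_guard")

# Assumption: RFC 9110 field syntax. The advisory does not list exactly which
# names or values Granian rejects, so this check is deliberately strict.
_NAME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_BAD_VALUE = re.compile(r"[^\t\x20-\x7e\x80-\xff]")  # controls, DEL, non-latin-1


def invalid_headers(headers):
    """Return the (name, value) pairs that violate the field syntax."""
    return [
        (n, v) for n, v in headers
        if not (isinstance(n, str) and isinstance(v, str)
                and _NAME.fullmatch(n) and not _BAD_VALUE.search(v))
    ]


class HeaderGuard:
    """WSGI middleware: answer 500 instead of passing bad headers to the server."""
    BODY = b"Internal Server Error"

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        blocked = []
        def guarded(status, headers, exc_info=None):
            blocked.extend(invalid_headers(headers))
            if not blocked:
                return start_response(status, headers, exc_info)
            log.error("malformed response headers: %r", [n for n, _ in blocked])
            safe = [("Content-Type", "text/plain"),
                    ("Content-Length", str(len(self.BODY)))]
            start_response("500 Internal Server Error", safe, exc_info)
            return lambda data: None  # swallow legacy write() calls
        body = self.app(environ, guarded)
        try:
            for chunk in body:
                if blocked:  # app output is discarded once headers were rejected
                    break
                yield chunk
            if blocked:
                yield self.BODY
        finally:
            if hasattr(body, "close"):
                body.close()
```

Wrap the application object that Granian serves, for example `app = HeaderGuard(app)`; the logged header names point to the code path that needs fixing.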

Affected Version(s)

granian >= 0.2.0, < 2.7.4

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved