HIGH
emmett-framework
CVE published 2026-05-12
CVE-2026-42544
CVE-2026-42544 is a network-reachable denial-of-service issue in Granian. An unauthenticated client can trigger a worker process abort by sending a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash occurs before the ASGI application is invoked. Granian 2.7.4 is listed as the fixed release.