Threat Advisory

Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-42544 (CVSS score 7.5) is a vulnerability in the Granian package that allows an unauthenticated attacker to perform a denial-of-service (DoS) attack against the service. It affects Granian versions greater than or equal to 1.2.0 and less than 2.7.4. An attacker can trigger it by sending a specially crafted WebSocket upgrade request containing a non-ASCII byte in the `Sec-WebSocket-Protocol` header, which causes the Granian worker process to abort. A single request is therefore enough to take down one worker, and repeated requests can take the whole service offline. The attacker gains the ability to temporarily shut down the service, disrupting its availability, with a significant business impact that may include revenue loss, customer dissatisfaction, and damage to the organization's reputation. The only prerequisite is network access to the WebSocket interface; no authentication is needed and one request suffices.

RECOMMENDATION:

We recommend updating Granian to version 2.7.4.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-vrg7-482j-p6f6
