MEDIUM5.3CVE-2026-44545daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory.
from 0, < 4.2.2
LOW3.7CVE-2026-44546daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processi…