Memory Exhaustion Vulnerability in Zeroconf Multicast DNS Service from Python
CVE-2026-47184

6.5MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2026-47184?

Zeroconf, a pure Python implementation of multicast DNS service discovery, before version 0.149.7, allows unauthenticated hosts on the local network to send valid mDNS responses. This can lead to the insertion of multiple records into the DNS cache without limits, causing memory exhaustion. Consequently, this may result in slower cache lookups and degraded performance, severely impacting discovery and registration processes within ServiceBrowser callbacks. The issue has been resolved in version 0.149.7.

Affected Version(s)

python-zeroconf < 0.149.7

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.