Donate Telegram

CVE-2026-34933

MEDIUM CVSS 3.1: 5.5 EPSS 0.02%

Apr 03, 2026

Updated Apr 11, 2026

Avahi

Parameter	Value
CVSS	5.5 (MEDIUM)
Fixed In	0.9
Type	CWE-617
Vendor	Avahi
Public PoC	No

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

References 4

https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c

security-advisories@github.com

https://github.com/avahi/avahi/pull/891

security-advisories@github.com

https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc

security-advisories@github.com

http://www.openwall.com/lists/oss-security/2026/04/11/9

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

CVE Details

CVE ID

CVE-2026-34933

Published Date

Apr 03, 2026

Vendor

Avahi

Severity

MEDIUM

CVSS v3.1 Score

5.5

Medium severity. Plan remediation.

Attack Analysis

Exploitability 1.8/10

How easy to exploit

Impact 3.6/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 0.02%

Likelihood of exploitation in next 30 days

Percentile: 5.1th percentile (higher than 5.1% of all CVEs)

Standard patching cycle

Impact

Denial of Service

Source

Editor's Choice