VDB
CVE-2026-34933
CVE-2026-34933
PUBLISHED
CVSS 5.5 MEDIUM
Reported by GitHub_M · Published April 3, 2026
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.
EPSS 0.01% · 0.8th percentile
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.01%
0.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| avahi | avahi | < 0.9-rc4 |
| avahi | avahi | < 0.9-rc4 |
Timeline
- Apr 3, 2026 CVE Published
- Apr 4, 2026 PoC Published
- Apr 6, 2026 Security Advisory
- Apr 11, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc x_refsource_CONFIRM
- https://github.com/avahi/avahi/pull/891 x_refsource_MISC
- https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c x_refsource_MISC