Medium severity5.5NVD Advisory· Published Apr 3, 2026· Updated Apr 13, 2026

CVE-2026-34933

Description

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.

Affected products

Avahi/Avahi4 versions
cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*range: <0.9
- cpe:2.3:a:avahi:avahi:0.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:avahi:avahi:0.9:rc2:*:*:*:*:*:*
- cpe:2.3:a:avahi:avahi:0.9:rc3:*:*:*:*:*:*

Patches

625ca0fac192

https://github.com/avahi/avahivia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50cnvdPatch
github.com/avahi/avahi/pull/891nvdIssue TrackingPatch
www.openwall.com/lists/oss-security/2026/04/11/9nvdExploitMailing ListThird Party Advisory
github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvcnvdExploitPatchVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000