Avahi DoS Vulnerability Advisory - CVSS 5.5 Medium Severity
Summary
CERT-Bund issued advisory WID-SEC-2026-0975 regarding a denial of service vulnerability in Avahi, an open-source network service discovery implementation for Linux/UNIX systems. The vulnerability (CVSS Base Score 5.5, Temporal Score 5.0) allows a local attacker to crash the Avahi service, impacting system availability. Affected products include Open Source avahi versions prior to 0.9-rc4. Organizations running vulnerable Avahi installations should apply patches immediately.
What changed
CERT-Bund published security advisory WID-SEC-2026-0975 disclosing a medium-severity denial of service vulnerability in Avahi, a zero-configuration networking implementation used in Linux and UNIX environments. A local attacker can exploit this vulnerability to cause service disruption. The CVSS score of 5.5 (medium) indicates moderate impact on availability without remote exploitation capability. The recommended mitigation is updating to version 0.9-rc4 or later.
Organizations operating Linux/UNIX systems with Avahi installed face potential availability risks if the vulnerability is exploited. System administrators should prioritize identifying and patching affected installations, particularly in environments where Avahi is used for service discovery. Given the local attack vector, organizations should also review access controls to limit local user privileges on affected systems.
What to do next
- Patch Avahi to version 0.9-rc4 or later to address the DoS vulnerability
- Audit Linux/UNIX systems for Avahi installations and verify patch status
- Monitor for further updates from CERT-Bund regarding this vulnerability
Archived snapshot
Apr 8, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-0975] avahi: Schwachstelle ermöglicht Denial of Service CVSS Base Score 5.5 (mittel) CVSS Temporal Score 5.0 (mittel) Remoteangriff nein Datum 06.04.2026 Stand 07.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- UNIX
Produktbeschreibung
Avahi ist die Implementierung einer Technik zur Vernetzung von Geräten in einem lokalen Netzwerk, ohne dass diese manuell konfiguriert werden müssen.
Produkte
06.04.2026
- Open Source avahi <0.9-rc4
Angriff
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in avahi ausnutzen, um einen Denial of Service Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.