PatchSiren cyber security CVE debrief
CVE-2026-47180 python-zeroconf CVE debrief
CVE-2026-47180 is a MEDIUM severity vulnerability in Zeroconf, a pure Python implementation of multicast DNS service discovery. The issue is caused by a recursion error in DNSIncoming._decode_labels_at_offset, which can lead to sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). The vulnerability is fixed in version 0.149.5. Users of Zeroconf, particularly those using versions prior to 0.149.5, should take immediate action to mitigate the vulnerability.
- Vendor
- python-zeroconf
- Product
- Unknown
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of Zeroconf, particularly those using versions prior to 0.149.5, should be aware of this vulnerability and take immediate action to mitigate it. This includes operators of IoT and networked devices that use Zeroconf, as well as security teams and vulnerability management teams responsible for ensuring the security of these systems. The vulnerability may impact the availability and security of mDNS-dependent features in these systems.
Technical summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). The vulnerability is fixed in version 0.149.5, which addresses the recursion error and prevents exploitation.
Defensive priority
Medium
Recommended defensive actions
- Inventory and verify installed Zeroconf versions
- Apply patch version 0.149.5 or later
- Monitor for suspicious mDNS traffic
- Implement compensating controls for mDNS-dependent features
- Review and update incident response plans to address potential exploitation
- Verify the integrity of mDNS traffic and implement rate limiting
- Conduct regular security audits to detect potential vulnerabilities
Evidence notes
The CVE record was published on 2026-07-17T19:17:15.153Z and has not been modified since then. The NVD entry is currently 6.5 MEDIUM. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The Zeroconf implementation is used in various IoT and networked devices, which may be exposed to this vulnerability. Users should review their installed versions and apply patches or mitigations as needed.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T19:17:15.153Z and has not been modified since then.