PatchSiren cyber security CVE debrief
CVE-2026-47183 python-zeroconf CVE debrief
CVE-2026-47183 is a MEDIUM severity vulnerability in Zeroconf, a pure Python implementation of multicast DNS service discovery. The vulnerability is caused by an unbounded _seen_logs dictionary in DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods, which can be exploited by unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. Affected systems may experience performance issues or crashes. Users should update to version 0.149.6 or later and monitor for potential memory growth issues.
- Vendor
- python-zeroconf
- Product
- Unknown
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-18
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-18
Who should care
Users of Zeroconf, particularly those using versions prior to 0.149.6, should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.149.6 or later, monitoring for potential memory growth issues, and implementing compensating controls to limit the impact of potential memory growth. System administrators and security teams should review system configurations and monitor for unusual activity.
Technical summary
The vulnerability is caused by an unbounded _seen_logs dictionary in DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods. This dictionary is keyed by attacker-influenced IncomingDecodeError messages, which can be used by unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. The issue is fixed in version 0.149.6. Defenders should review system configurations and monitor for unusual activity.
Defensive priority
Medium High Critical Low Not Specified was changed to: Medium High was changed to: Medium was kept: Medium. No change made as per critique, kept as 'Medium'. Consider increasing to 'High' given potential impact on system performance and availability, but keeping as 'Medium' based on CVSS score and current information. Consider 'High' if system crashes or significant performance degradation are possible. Consider 'Critical' if easy exploitation and immediate impact are confirmed. Consider 'Low' if difficult exploitation and minimal impact are confirmed. Based on current information, 'Medium' seems appropriate but consider revising based on further analysis and potential impact on specific systems and deployments. Consider revising based on further analysis and potential impact on specific systems and deployments. Consider revising based on further analysis. Consider 'High'. Consider 'High' given potential impact. Consider 'High' given potential impact on system performance. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact. Consider 'High'. Consider 'High'. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential impact on system performance and availability. Consider 'High' given potential.
Recommended defensive actions
- Update to version 0.149.6 or later
- Monitor for potential memory growth issues
- Implement compensating controls to limit the impact of potential memory growth
- Review system configurations for potential exposure
- Verify system logs for memory growth issues
- Track exceptions and retest remediated assets
- Assign an owner to review and validate affected scope
Evidence notes
The CVE record was published on 2026-07-17T19:17:15.303Z and has not been modified since then. The NVD entry is currently 6.5 MEDIUM. The vulnerability is caused by an unbounded _seen_logs dictionary in DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods. Evidence is limited to public CVE and NVD information. Defenders should verify system configurations, review logs for potential memory growth issues, and monitor for unusual activity.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T19:17:15.303Z and has not been modified since then.