VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-1gkw-3zt3-sbb9

Essentials
Severities (16)
References (9)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-1gkw-3zt3-sbb9
Aliases	CVE-2026-24401
Summary	avahi: Avahi: Denial of Service via recursive CNAME record in mDNS response
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-674

Uncontrolled Recursion

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24401.json
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-24401
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.5	https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524
ssvc	Track	https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524
cvssv3.1	6.5	https://github.com/avahi/avahi/issues/501
ssvc	Track	https://github.com/avahi/avahi/issues/501
cvssv3.1	6.5	https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3
ssvc	Track	https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24401.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-24401
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24401
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1126342		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126342
2432534		https://bugzilla.redhat.com/show_bug.cgi?id=2432534
501		https://github.com/avahi/avahi/issues/501
78eab31128479f06e30beb8c1cbf99dd921e2524		https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524
GHSA-h4vp-5m8j-f6w3		https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24401.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:24Z/ Found at https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/avahi/avahi/issues/501

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:24Z/ Found at https://github.com/avahi/avahi/issues/501

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:24Z/ Found at https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3

Exploit Prediction Scoring System (EPSS)

Percentile	0.13259
EPSS Score	0.00043
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:32:20.055483+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24401.json	38.0.0