Ghostwire

CVE-2026-48045: python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

MEDIUM CVSS 6.5 Exploit Available

Published: June 11, 2026 | Last Modified: June 11, 2026

Description

python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9663-mqmp-p9
github.com/python-zeroconf/python-zeroconf/pull/1751
github.com/python-zeroconf/python-zeroconf/commit/b22c8ff19c66c68907d220a4823c09
github.com/advisories/GHSA-9663-mqmp-p9mm
www.tenable.com/cve/CVE-2026-48045
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-48045