A vulnerability, which was classified as problematic, has been found in Zeroconf up to 0.149.15. This impacts the function _read_character_string/_read_string of the file src/zeroconf/_protocol/incoming.py of the component DNS Service Discovery. Performing a manipulation of the argument RDLENGTH results in information disclosure.

This vulnerability is known as CVE-2026-48487. Remote exploitation of the attack is possible. No exploit is available.