Zurück zur CVE-Übersicht
CVE-2026-23479
HIGH(8.8)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score22/100 — NIEDRIG
- CVSS 8.8 — Hoch
Erwähnungen (letzte 60 Tage)
Artikel
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
8.8
Technische Schwere
Beschreibung
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.
Referenzen
- https://github.com/redis/redis/releases/tag/8.6.3
- https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3
- https://access.redhat.com/errata/RHSA-2026:14316
- https://access.redhat.com/errata/RHSA-2026:25216
- https://access.redhat.com/errata/RHSA-2026:25219
- https://access.redhat.com/errata/RHSA-2026:25925
- https://access.redhat.com/errata/RHSA-2026:26306
- https://access.redhat.com/errata/RHSA-2026:26540
- https://access.redhat.com/errata/RHSA-2026:7662
- https://access.redhat.com/security/cve/CVE-2026-23479