Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical MacSync Stealer Delivered via Google Ads and Claude AI Chats
July 15, 2026
GPT-5.6 Sol Ultra AI Creates Full Chrome Exploit Chain from Patches
July 15, 2026
Critical Cursor RCE: CVE-2024-XXXXX lets Git repos auto-execute code
July 15, 2026
Home/CyberSecurity News/Critical Redis Vulnerabilities Let Attackers Execute Remote Code
CyberSecurity News

Critical Redis Vulnerabilities Let Attackers Execute Remote Code

Key Takeaways Five critical vulnerabilities, including four high-severity flaws, have been identified in Redis, potentially leading to remote code execution (RCE). The flaws affect Redis Cloud, Redis...

David kimber
David kimber
May 7, 2026 3 Min Read
73 0

Key Takeaways

  • Five critical vulnerabilities, including four high-severity flaws, have been identified in Redis, potentially leading to remote code execution (RCE).
  • The flaws affect Redis Cloud, Redis Software, and all open-source community editions, allowing authenticated attackers to compromise systems.
  • Patches are available for all affected versions of Redis OSS/CE and Redis Software, with Redis Cloud deployments already updated.
  • While no active exploitation has been observed, immediate action is urged for self-managed Redis instances.

Five significant security vulnerabilities, four of which carry a “High” severity rating, have been discovered in Redis, the popular open-source, in-memory data structure store. These critical flaws could enable authenticated attackers to achieve remote code execution (RCE), posing a direct threat to the integrity of affected systems running Redis Cloud, Redis Software, and various open-source community editions.

Table Of Content

  • Key Takeaways
  • Redis RCE Vulnerabilities Detailed
  • High-Severity Flaws
  • Medium-Severity Flaw
  • What You Should Do

Although successful exploitation of these vulnerabilities requires authenticated access, the potential consequences are severe, ranging from arbitrary code execution and full system compromise to data exfiltration and service disruption.

The security advisory, published on May 5, 2026, by Riaz Lakhani, forms part of Redis’s ongoing commitment to security. Four of the identified flaws received CVSS scores of 7.7, classifying them as high severity, while one was rated medium severity with a CVSS score of 6.1.

Redis RCE Vulnerabilities Detailed

High-Severity Flaws

CVE-2026-23479 is a use-after-free vulnerability impacting the unblock client flow. This flaw arises when a client, previously blocked, is evicted during the re-execution of a blocked command. The system’s failure to properly handle errors returned by the processCommandAndResetClient function allows an authenticated user to trigger the use-after-free condition, potentially leading to remote code execution.

CVE-2026-25243 targets the Redis RESTORE command. An authenticated user can trigger an invalid memory access by supplying a specially crafted serialized payload. This manipulation could result in arbitrary code execution within the context of the Redis server. Independent researcher Emil Lerner discovered a double-free variant of this issue, while Joseph Surin identified an integer overflow and an out-of-bounds read within VectorSets.

CVE-2026-25588 and CVE-2026-25589 are closely related vulnerabilities affecting the RESTORE command when used in conjunction with the RedisTimeSeries and RedisBloom modules, respectively. Both allow authenticated attackers to trigger invalid memory accesses through malformed serialized payloads, leading to the same critical RCE impact. Joseph Surin, John Stephenson, and Annie Nie are credited with discovering the TimeSeries flaw. Daniel Firer and Joseph Surin identified multiple issues within RedisBloom, including out-of-bounds reads and writes, integer overflow, and heap buffer overflow.

Medium-Severity Flaw

CVE-2026-23631 is a medium-severity use-after-free vulnerability within Redis’s Lua scripting engine. An authenticated user can exploit the master-replica synchronization mechanism to trigger this flaw. It specifically impacts Redis replicas where replica-read-only is disabled and affects all Redis versions with Lua scripting enabled. Researcher Yoni Sherez (@yoyosh__) is credited with its discovery.

Redis Cloud deployments have already been updated to address these vulnerabilities, requiring no action from customers. For organizations managing their own Redis instances, all Redis OSS/CE releases are affected. The following patched versions have been released:

  • Redis OSS/CE: 6.2.22, 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3.
  • Redis Software versions up to and including 8.0.6 are impacted, with fixes available in builds 8.0.10-64, 7.22.2-79, 7.8.6-253, 7.4.6-279, and 7.2.4-153.
  • Module-specific fixes include RedisTimeSeries v1.12.14, v1.10.24, v1.8.23, and RedisBloom v2.8.20, v2.6.28, v2.4.23.

Several of these vulnerabilities were identified through Wiz’s ZeroDay.Cloud platform, in collaboration with Redis, highlighting the increasing importance of collaborative research efforts in securing critical open-source infrastructure.

What You Should Do

Redis has confirmed no evidence of active exploitation in the wild as of the publication date. However, organizations operating self-managed Redis instances must take immediate action.

  • Upgrade Immediately: The most crucial step is to upgrade all affected Redis instances to the latest fixed releases. Downloads are available at redis.io/downloads.
  • Restrict Network Access: Implement strict firewall rules and network policies to limit access to Redis instances to only trusted sources.
  • Enforce Strong Authentication: Ensure robust authentication mechanisms are in place across all Redis deployments.
  • Enable Protected Mode: For Redis CE and OSS deployments, ensure protected-mode remains enabled.
  • Apply Least Privilege: Configure user permissions to adhere to the principle of least privilege, minimizing access to potentially dangerous commands.
  • Monitor for Exploitation: Be vigilant for indicators of potential compromise, including unauthorized access attempts, unexplained server crashes (especially with Lua engine stack traces), anomalous command execution by the redis-server user, and unexpected modifications to Redis configuration or persistent files.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical WatchGuard Agent Vulnerabilities Grant SYSTEM Privileges on Windows

Next Post

Palo Alto Networks Patches Critical PAN-OS Zero-Day RCE, Exploited Since April

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Dell PowerProtect flaws let attackers gain full system access
July 15, 2026
Microsoft Confirms Dell Laptop Overheating, Shutdowns After July Windows Update
July 15, 2026
FaceTime Call Impersonation Fraud Hijacks Bank Accounts
July 15, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us