Critical Redis Vulnerability CVE-2026-23479 Enables Remote Code Execution
Severity: High (Score: 72.0)
Sources: thehackernews.com, Aicerts.Ai, Scworld
Keywords: redis, critical, cve-2026-23479, vulnerability, remote, code, execution
Severity indicators: critical, vulnerability, remote code execution, CVE-2026-23479
Summary
A critical remote code execution vulnerability, CVE-2026-23479, has been identified in Redis, affecting versions from 7.2.0 onwards. This flaw, rated 8.8 by CVSS 3.1 and 7.7 by CVSS 4.0, is a use-after-free issue in the unblockClientOnKey() function. It allows an authenticated user to exploit the vulnerability via a Lua script to leak a heap pointer and manipulate client memory, ultimately redirecting execution to system(). Redis issued patches for versions 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3, urging immediate upgrades. The vulnerability has been present for over two years, increasing the risk as many Redis instances run without passwords in cloud environments. No active exploitation has been reported yet, but the potential for widespread impact remains significant.

Key Points:
- CVE-2026-23479 is a critical RCE vulnerability in Redis with a CVSS score of 8.8.
- The flaw allows exploitation through authenticated sessions, often granted to default users.
- Redis has released patches and recommends immediate upgrades to mitigate risks.
Detailed Analysis
**Impact**

Redis deployments across cloud environments and enterprises using versions from 7.2.0 to 8.6.3 are affected, with many instances exposed due to default or weak ACL configurations. The vulnerability enables remote code execution, threatening service uptime, customer data integrity, and compliance, particularly where Redis is internet-facing or lacks strong authentication. Financial penalties and reputational damage are potential consequences, with broad implications for sectors relying on open-source infrastructure globally.

**Technical Details**

CVE-2026-23479 is a use-after-free vulnerability in the unblockClientOnKey() function (src/blocked.c), exploitable by an authenticated user with specific ACL privileges. The attack chain involves leaking a heap pointer via Lua scripting, manipulating client memory, and overwriting a Global Offset Table function pointer to execute system(), resulting in remote code execution. The flaw exists in Redis versions 7.2.0 through 8.6.3, introduced by commits in early 2023. No IOCs were provided in the source materials.

**Recommended Response**

Apply Redis patches immediately: versions 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3 contain fixes. Restrict network exposure by limiting public internet access and enforcing strict ACLs, especially disabling or restricting Lua scripting if unused. Monitor runtime for abnormal unblock-client activity and isolate vulnerable instances with firewalls if patching is delayed. Rebuild container images with verified binaries to ensure integrity.
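A triage helper for the response steps above (compare the running version with the patched releases the advisory lists, and review ACLs for users who can still run Lua scripts or who have no password), added here as an example and not code from the advisory or from the Redis project. The INFO and ACL LIST samples are constructed, and treating a release branch the advisory does not list as unpatched is an assumption.

```python
# Added triage helper for CVE-2026-23479 (not code from the advisory or Redis):
# parse `INFO server` and `ACL LIST` output, compare the version with the fixed
# releases the advisory lists, flag users able to run Lua or with no password.
import re

PATCHED = {(7, 2): 14, (7, 4): 9, (8, 2): 6, (8, 4): 3, (8, 6): 3}  # per advisory
FIRST_AFFECTED = (7, 2, 0)
SCRIPT_GRANTS = {"+@all", "+@scripting", "+eval", "+evalsha", "+eval_ro",
                 "+evalsha_ro", "+function", "+fcall", "+fcall_ro"}  # Lua exposure

def parse_version(info_text):
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(x) for x in m.groups())

def is_affected(version):
    """True if >= 7.2.0 and below the branch's fix; unlisted branch = unpatched."""
    if version < FIRST_AFFECTED:
        return False
    fixed_patch = PATCHED.get(version[:2])  # assumption: None means unpatched
    return fixed_patch is None or version[2] < fixed_patch

def acl_findings(acl_list_text):
    """Return (script-capable users, nopass users) among enabled ACL users.
    Rules apply left to right: a later -@all/-@scripting revokes a grant."""
    scripting, nopass = [], []
    for line in acl_list_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "user" or parts[2] != "on":
            continue  # skip malformed lines and disabled users
        can_script = False
        for tok in parts[3:]:
            if tok in SCRIPT_GRANTS:
                can_script = True
            elif tok in ("-@all", "-@scripting"):
                can_script = False
        if can_script:
            scripting.append(parts[1])
        if "nopass" in parts[3:]:
            nopass.append(parts[1])
    return scripting, nopass

# Constructed samples shaped like redis-cli `INFO server` and `ACL LIST` output.
INFO_SAMPLE = "# Server\r\nredis_version:7.4.8\r\nredis_mode:standalone\r\n"
ACL_SAMPLE = """user default on nopass sanitize-payload ~* &* +@all
user app on #<sha256-placeholder> ~app:* &* -@all +@read +@write
user ops on #<sha256-placeholder> ~* &* +@all -@scripting
"""
```

Single-command revokes such as -eval are deliberately not treated as closing scripting exposure, because the FUNCTION family may still be granted.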
Source articles (3)
- Autonomous Security Testing Reveals Critical Redis RCE — Aicerts.Ai · 2026-06-04
  However, the same autonomy also accelerates attacker research, widening cloud exposure risks. The following report dissects CVE-2026-23479, the AI methods behind the find, and the defensive playbook e…
- Critical Redis vulnerability CVE-2026-23479 allows remote code execution — Scworld · 2026-06-04
  A critical remote code execution vulnerability, tracked as CVE-2026-23479, has been discovered in Redis, a popular in-memory data structure store. This flaw, present since Redis version 7.2.0, remaine…
- Autonomous AI Tool Finds 2-Year-Old RCE — thehackernews.com · 2026-06-04
Timeline
- 2026-05-05 — CVE-2026-23479 published: Redis disclosed a critical remote code execution vulnerability affecting versions 7.2.0 and later.
- 2026-05-05 — Vulnerability details revealed: The vulnerability is a use-after-free flaw in the unblockClientOnKey() function, allowing RCE.
- 2026-06-04 — Patches released: Redis released patches for multiple versions, urging users to upgrade immediately to mitigate the vulnerability.
CVEs
- CVE-2026-23479
Related entities
- Zero-day Exploit (Attack Type)
- Team Xint Code (Company)
- CWE-416 - Use After Free (CWE)
- T1059 - Command and Scripting Interpreter (MITRE ATT&CK)
- T1574 - Hijack Execution Flow (MITRE ATT&CK)
- Redis (Platform)