Vulnerability Details CVE-2026-23479
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.4%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-23479
- cpe:2.3:a:redis:redis:7.2.0
- cpe:2.3:a:redis:redis:7.2.1
- cpe:2.3:a:redis:redis:7.2.10
- cpe:2.3:a:redis:redis:7.2.11
- cpe:2.3:a:redis:redis:7.2.2
- cpe:2.3:a:redis:redis:7.2.3
- cpe:2.3:a:redis:redis:7.2.4
- cpe:2.3:a:redis:redis:7.2.5
- cpe:2.3:a:redis:redis:7.2.6
- cpe:2.3:a:redis:redis:7.2.7
- cpe:2.3:a:redis:redis:7.2.8
- cpe:2.3:a:redis:redis:7.2.9
- cpe:2.3:a:redis:redis:7.4.0
- cpe:2.3:a:redis:redis:7.4.1
- cpe:2.3:a:redis:redis:7.4.2
- cpe:2.3:a:redis:redis:7.4.3
- cpe:2.3:a:redis:redis:7.4.4
- cpe:2.3:a:redis:redis:7.4.5
- cpe:2.3:a:redis:redis:7.4.6
- cpe:2.3:a:redis:redis:8.0.0
- cpe:2.3:a:redis:redis:8.0.1
- cpe:2.3:a:redis:redis:8.0.2
- cpe:2.3:a:redis:redis:8.0.3
- cpe:2.3:a:redis:redis:8.0.4
- cpe:2.3:a:redis:redis:8.2.0
- cpe:2.3:a:redis:redis:8.2.1
- cpe:2.3:a:redis:redis:8.2.2
- cpe:2.3:a:redis:redis:8.2.3
- cpe:2.3:a:redis:redis:8.2.4
- cpe:2.3:a:redis:redis:8.2.5
- cpe:2.3:a:redis:redis:8.2.6
- cpe:2.3:a:redis:redis:8.4.0
- cpe:2.3:a:redis:redis:8.4.1
- cpe:2.3:a:redis:redis:8.4.2
- cpe:2.3:a:redis:redis:8.4.3
- cpe:2.3:a:redis:redis:8.6.0
- cpe:2.3:a:redis:redis:8.6.1
- cpe:2.3:a:redis:redis:8.6.2