THREAT OPS › Threat News › [NVD] CVE-2026-23479 (HIGH 8.8) — Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated a
[NVD] CVE-2026-23479 (HIGH 8.8) — Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated a
CVE-2026-23479 CVSS: 8.8 HIGH Published: 2026-05-05T17:17:02.577
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to
Indicators of compromise
- CVE-2026-23479cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-23479