Pending Analysis: CVE-2026-23479

CVE-2026-23479: RCE in Redis 7.2.0 - 8.6.3

Platform

redis

Component

redis

Fixed in

8.6.3

CVE-2026-23479 is a Remote Code Execution (RCE) vulnerability affecting Redis versions 7.2.0 through 8.6.2. This flaw arises from an improper error handling mechanism within the unblock client flow, allowing an authenticated attacker to trigger a use-after-free condition. The vulnerability has been patched in Redis version 8.6.3, and users are strongly advised to upgrade.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-23479 allows an authenticated attacker to execute arbitrary code on the Redis server. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attacker would need to be authenticated to Redis to trigger the unblock client flow and exploit the use-after-free. The potential blast radius is significant, as Redis is often used to store sensitive data and is frequently integrated with other critical systems. A compromised Redis instance could serve as a pivot point for lateral movement within the network.

Exploitation Context

CVE-2026-23479 was published on 2026-05-05. Its EPSS score is currently pending evaluation. No public Proof-of-Concept (PoC) exploit had been released as of this writing, but the use-after-free nature of the vulnerability suggests a high likelihood of exploitation if one is developed. Monitor security advisories and threat intelligence feeds for updates.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
NextGuard: 10–15% still vulnerable

EPSS

0.10% (28th percentile)

Affected Software

Component: redis
Vendor: redis
Minimum version: 7.2.0
Affected range: >= 7.2.0, < 8.6.3
Fixed in: 8.6.3

Weakness Classification (CWE)

Timeline

  1. Published
  2. Modified
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-23479 is to upgrade to Redis version 8.6.3 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restrict network access to the Redis instance to only authorized clients. Implement strict authentication and authorization policies within Redis. Monitor Redis logs for unusual activity, particularly related to client unblocking and command execution. While a WAF cannot directly prevent this vulnerability, it can help detect and block malicious requests targeting Redis. After upgrading, confirm the fix by attempting to trigger the vulnerable unblock client flow and verifying that it no longer results in an error.

How to fix

Update your Redis server to version 8.6.3 or later to mitigate the use-after-free vulnerability. This update corrects the error handling in the client unblock flow, preventing the possible remote code execution.

Frequently asked questions

What is CVE-2026-23479 — RCE in Redis?

CVE-2026-23479 is a Remote Code Execution vulnerability in Redis versions 7.2.0 through 8.6.2. It allows an authenticated attacker to potentially execute arbitrary code on the server due to an error handling flaw in the unblock client flow.

Am I affected by CVE-2026-23479 in Redis?

If you are running Redis versions 7.2.0 through 8.6.2, you are potentially affected by CVE-2026-23479. Verify your Redis version and upgrade immediately if vulnerable.
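The version check above (and the post-upgrade confirmation in the mitigation section) amounts to testing whether a running instance reports a version in the range this page lists as affected, >= 7.2.0 and < 8.6.3. The script below is an added example, not code from the advisory or from the Redis project: it parses the version out of either a `redis-cli INFO server` dump or the `redis-server --version` banner and compares it numerically, so that a release such as 8.6.10 is correctly treated as newer than 8.6.3. The sample outputs inside it are constructed to mirror those two formats and are not captures from a real host.

```python
"""Added example (not from the advisory page): decide whether a Redis
version falls inside the range the page lists as affected by
CVE-2026-23479, i.e. >= 7.2.0 and < 8.6.3."""
import re
import sys

AFFECTED_MIN = (7, 2, 0)   # first affected release listed on the page
FIXED_IN = (8, 6, 3)       # first fixed release listed on the page


def parse_version(text):
    """Return the Redis version as an (major, minor, patch) int tuple.

    Accepts an INFO server block (line `redis_version:7.2.4`), the banner
    printed by `redis-server --version` (`Redis server v=7.2.4 ...`), or a
    bare `X.Y.Z` string.  Returns None when no version is present.
    """
    m = (re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", text, re.M)
         or re.search(r"\bv=(\d+)\.(\d+)\.(\d+)", text)
         or re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text))
    if m is None:
        return None
    # Integer tuples compare component-wise, so 8.6.10 sorts after 8.6.3;
    # comparing the raw strings would get that wrong.
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True when AFFECTED_MIN <= version < FIXED_IN."""
    if version is None:
        raise ValueError("no Redis version found")
    return AFFECTED_MIN <= version < FIXED_IN


def assess(text):
    """Classify raw version output as 'affected', 'not affected' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


# Constructed sample outputs (not real captures), one per supported format.
SAMPLE_INFO = "# Server\r\nredis_version:8.6.2\r\nredis_mode:standalone\r\n"
SAMPLE_BANNER = ("Redis server v=8.6.3 sha=00000000:0 "
                 "malloc=jemalloc-5.3.0 bits=64 build=0")

if __name__ == "__main__":
    # Usage: redis-cli INFO server | python3 check_redis_version.py
    # With no piped input, the constructed samples are assessed instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else ""
    if data:
        print(assess(data))
    else:
        for label, sample in (("INFO", SAMPLE_INFO), ("banner", SAMPLE_BANNER)):
            print(f"{label}: {parse_version(sample)} -> {assess(sample)}")
```

Pipe the output of `redis-cli INFO server` (with whatever authentication the instance requires) into the script on each host; a result of `unknown` means the version line was not found and should be inspected by hand rather than assumed safe.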

How do I fix CVE-2026-23479 in Redis?

The recommended fix is to upgrade to Redis version 8.6.3 or later. If an upgrade is not immediately possible, implement temporary workarounds such as restricting network access and strengthening authentication.

Is CVE-2026-23479 being actively exploited?

While no public exploits are currently available, the vulnerability's nature suggests a high likelihood of exploitation. Monitor security advisories and threat intelligence feeds for updates.

Where can I find the official Redis advisory for CVE-2026-23479?

Refer to the official Redis security advisory for CVE-2026-23479 on the Redis website: [https://redis.io/docs/security/advisory/](https://redis.io/docs/security/advisory/)
