NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-23479

Summary	Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.
Publication Date	May 6, 2026, 2:17 a.m.
Registration Date	May 6, 2026, 4:07 a.m.
Last Update	May 6, 2026, 2:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/redis/redis/releases/tag/8.6.3	security-advisories@github.com
2	https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html