RHSA-2026:25925HighCVSS 8.8
Red Hat Security Advisory: valkey security update
🔗 CVE IDs covered (3)
📋 Description
CVE-2026-23479 — redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23631 — redis: Remote code execution via use-after-free in Lua scripting CVE-2026-25243 — redis: RESTORE invalid memory access may allow remote code execution
🔗 References (6)
- selfhttps://access.redhat.com/errata/RHSA-2026:25925
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466780
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466788
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466828
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25925.json