2 matches found
CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
PT-2026-37085
Name of the Vulnerable Software and Affected Versions redis-server versions 7.2.0 through 8.6.3 Description An authenticated attacker can trigger a use-after-free condition in the unblock client flow of the in-memory data structure store. The issue occurs when the processCommandAndResetClient...