Redis has patched CVE-2026-23479, a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The bug was introduced in Redis 7.2.0 and survived in every stable branch for more than two years before an autonomous AI bug-hunting tool, Theori’s Xint Code, surfaced it at Wiz’s ZeroDay.Cloud 2025 competition in London last December. The full exploit chain and a technical write-up are now public, so the window for follow-on weaponization is open.

What happened

The flaw lives in unblockClientOnKey() in src/blocked.c, which fires when a key event wakes a blocked command. The function dispatches the queued command through processCommandAndResetClient() and then keeps using the same client pointer — but that callee can free the client as a side effect, a fact its own header comment documents. The caller ignores the return value and reads the freed structure anyway. That is a textbook use-after-free (CWE-416).

Per Wiz’s analysis, the bug took two commits to assemble. A January 2023 refactor (PR #11012) added the unchecked call; a March 2023 change (PR #11568) added more client access after it. Neither was dangerous alone. Together they reached general availability in 7.2.0 and survived multiple rounds of security review — the kind of subtle, multi-commit defect that pattern-matching humans miss and a tireless code-reading agent does not.

Technical details

NVD rates the flaw 8.8 under CVSS 3.1; Redis scores it 7.7 under CVSS 4.0. The published exploit runs in three stages:

  1. Leak. A one-line Lua script — EVAL "return tostring(redis.call)" 0 — leaks a heap pointer.
  2. Free and reclaim. The attacker grooms client memory limits, parks a bloated client on a stream, then drops the limits and wakes it. Redis frees the blocked client mid-call, and a pipelined SET immediately reclaims the freed slot with an attacker-built fake client structure.
  3. Overwrite. Redis’s routine memory accounting in updateClientMemoryUsage() performs an out-of-bounds decrement using attacker-controlled fields, aimed at the Global Offset Table to repoint strcasecmp() at system(). The next command Redis parses runs as a shell command.

The official Redis Docker image makes the final step easier: it ships with only partial RELRO, leaving the GOT writable at runtime. ASLR and PIE do not help, because the write is relative to a global whose offset is fixed at build time.

Impact assessment

The full chain needs an authenticated session with CONFIG SET, EVAL, stream commands (XREAD/XADD), and basic SET/GET — mapping to the @admin, @scripting, @stream, and @read/@write ACL categories. That sounds like a high bar until you look at real deployments. Wiz puts Redis in a large majority of cloud environments, and most of those instances run with no password at all. In a default deployment the default user already holds every privilege the chain requires, and operators routinely collapse @admin, CONFIG, and @scripting into a single shared application or operator role. So for a great many Redis instances, “authenticated” means “anyone who can reach the port.”

Redis says it has no evidence of exploitation in its own or customer environments, and no in-the-wild reports have surfaced yet. But the complete technical chain is public now, which materially raises the risk.

Mitigation — what to do right now

Upgrade to the patched minor for your series, all released May 5 and intended to be drop-in:

Branch   Affected        Fixed
7.2.x    7.2.0–7.2.13    7.2.14
7.4.x    7.4.0–7.4.8     7.4.9
8.2.x    8.2.0–8.2.5     8.2.6
8.4.x    8.4.0–8.4.2     8.4.3
8.6.x    8.6.0–8.6.2     8.6.3

Managed services patch on their own schedules; Redis says Redis Cloud is already done. If you cannot patch immediately: keep Redis off the public internet and behind TLS; tighten ACLs so no single role holds @admin, CONFIG, and @scripting together; and deny @scripting entirely if you do not use Lua, which kills the Stage 1 leak. Denying CONFIG outright breaks this specific chain, though not the underlying use-after-free. Prioritize internet-exposed instances and any role that combines config, scripting, and stream access, and rotate broadly shared Redis credentials while you are at it.
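To find out which users on a given server actually hold the whole combination described above, the following added script (written for this article, not code from Redis or the researchers) parses the text of `ACL LIST` and checks, rule by rule, whether each user can run the six commands the chain depends on. The command-to-category map and the sample ACL lines are constructed assumptions, and selectors and subcommand granularity are deliberately ignored, so it errs toward flagging.

```python
"""Flag Redis ACL users holding every privilege the CVE-2026-23479 chain needs."""

# Simplified command -> ACL category map for the commands the chain uses.
# Assumed from Redis' standard category assignments, not read from a live server.
CATEGORIES = {
    "config": {"admin", "slow", "dangerous"},
    "eval": {"slow", "scripting"},
    "xread": {"read", "stream", "slow", "blocking"},
    "xadd": {"write", "stream", "fast"},
    "set": {"write", "string", "slow"},
    "get": {"read", "string", "fast"},
}
CHAIN = tuple(CATEGORIES)  # all six must be permitted for the published chain
ALIASES = {"allcommands": "+@all", "nocommands": "-@all"}

def allowed(rules, cmd):
    """Apply +/- rules left to right (last match wins), as Redis ACL does.
    Subcommand rules such as +config|get count as granting the whole command,
    and selectors "(...)" are skipped: an over-approximation that errs toward flagging."""
    ok = False
    for tok in rules:
        tok = ALIASES.get(tok, tok)
        if tok[0] not in "+-":
            continue  # flags, passwords, key/channel patterns, selectors
        grant, target = tok[0] == "+", tok[1:].lower()
        if target.startswith("@"):
            if target[1:] == "all" or target[1:] in CATEGORIES[cmd]:
                ok = grant
        elif target.split("|")[0] == cmd:
            ok = grant
    return ok

def audit_acl(acl_list_output):
    """Parse `ACL LIST` text; return {user: {enabled, nopass, missing, chain_reachable}}."""
    report = {}
    for line in acl_list_output.strip().splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "user":
            continue
        user, rules = parts[1], parts[2:]
        missing = [c for c in CHAIN if not allowed(rules, c)]
        enabled = "on" in rules
        report[user] = {"enabled": enabled, "nopass": "nopass" in rules,
                        "missing": missing, "chain_reachable": enabled and not missing}
    return report

# Constructed sample ACL LIST output; "#c0ffee" stands in for a real SHA-256 password hash.
SAMPLE = """
user default on nopass sanitize-payload ~* &* +@all
user app on #c0ffee ~app:* resetchannels -@all +@read +@write +@string +@stream
user ops on #c0ffee ~* &* +@all -@dangerous
user shared on #c0ffee ~* &* -@all +@read +@write +@stream +@scripting +config
"""

if __name__ == "__main__":
    for user, r in audit_acl(SAMPLE).items():
        print(f"{user:8} reachable={r['chain_reachable']!s:5} nopass={r['nopass']!s:5} missing={r['missing']}")
```

In the sample, `ops` is not exposed because `-@dangerous` strips CONFIG even though @scripting remains, while `default` is the unauthenticated, fully privileged case the article warns about.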

CVE-2026-23479 was one of five RCE-class Redis flaws disclosed last month, and it echoes 2025’s RediShell bug — another authenticated use-after-free involving Lua scripting. The throughline worth noting: this one was found by a machine, not a reviewer, in one of the most widely deployed pieces of infrastructure software in production.