Redis Unblock Client Flow Use-After-Free Vulnerability Leading to Remote Code Execution

Vulnerability

A use-after-free vulnerability has been identified in the unblock client flow of Redis. This issue affects redis-server versions 7.2.0 through 8.6.3. The vulnerability arises because the command processing function does not properly handle errors when re-executing blocked commands. If a blocked client is evicted during this process, an authenticated attacker can exploit the flaw, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability can cause a use-after-free condition, allowing for remote code execution on the affected system.

Remediation

Users can upgrade to Redis version 8.6.3, where this vulnerability has been patched.
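A quick way to find out whether a deployment falls in the affected range is to read redis_version from the output of redis-cli INFO server and compare it numerically (plain string comparison misorders releases such as 8.10.0 and 8.6.3). This is an added example, not code from the advisory or the Redis project; it takes 7.2.0 as the first affected release and, following the Remediation section, treats 8.6.3 as the patched release, and the INFO text below is constructed, not captured from a real host.

```python
import re

# Version bounds taken from the advisory text above.
AFFECTED_FROM = (7, 2, 0)   # first affected release
PATCHED_IN = (8, 6, 3)      # release the Remediation section names as patched


def parse_version(text):
    """Turn '7.2.4' (or '7.2.4-rc1') into a tuple of ints that compares numerically."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised redis version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_from_info(info_text):
    """Extract redis_version from the text returned by `redis-cli INFO server`."""
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            return parse_version(line.split(":", 1)[1])
    raise ValueError("redis_version not present in INFO output")


def is_affected(version):
    """True when the version lies in [7.2.0, 8.6.3), i.e. still needs the upgrade."""
    return AFFECTED_FROM <= version < PATCHED_IN


# Constructed sample of INFO server output (not captured from a real host).
SAMPLE_INFO = """\
# Server
redis_version:7.2.4
redis_mode:standalone
os:Linux 6.1.0 x86_64
"""

if __name__ == "__main__":
    v = version_from_info(SAMPLE_INFO)
    state = "affected, upgrade to 8.6.3" if is_affected(v) else "not affected"
    print(".".join(map(str, v)), state)
```

In practice pipe the live output in (redis-cli -h HOST INFO server) instead of the embedded sample and run the check against every instance in an inventory.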

Added: May 5, 2026, 5:23 PM
Updated: May 5, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 7.5
exploitability: 4.3
remediation: 0.0
relevance: 7.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.