RedisBloom Invalid Memory Access in RESTORE Command Leading to Remote Code Execution

Vulnerability

A vulnerability exists in all versions of RedisBloom prior to 2.8.20. It is caused by improper validation, in RedisBloom, of serialized values supplied through the Redis RESTORE command: an authenticated attacker who is permitted to run RESTORE can submit a crafted payload that triggers invalid memory access when the module deserializes it. This could result in remote code execution on the server. Until the module is upgraded, the issue can be mitigated by applying ACL rules that withhold the RESTORE command from users who do not need it.

Impact

A successful exploit requires an authenticated client that is allowed to run RESTORE. It causes invalid memory access in the Redis server process, with potential consequences including remote code execution on the affected system.

Remediation

Users should upgrade to RedisBloom version 2.8.20 or later. Where an upgrade is not yet possible, apply ACL rules to restrict access to the RESTORE command; this is a mitigation, not a fix, since the module itself remains vulnerable to any user who is still permitted to run RESTORE.
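As an added example (not code from this advisory, RedisBloom, or Redis), the following Python script makes the ACL mitigation checkable: it evaluates Redis ACL command rules the way the server does for a single command (left to right, last matching rule wins, so `+@all -restore +@keyspace` still permits RESTORE), reports which users in `ACL LIST` output can still call RESTORE, and emits the `ACL SETUSER` rule that removes it. It assumes that RESTORE and RESTORE-ASKING belong to the @keyspace, @write, @slow and @dangerous categories (verify with `COMMAND INFO restore` on your build) and uses a constructed sample of `ACL LIST` output.

```python
"""Audit Redis ACL users for RESTORE access and emit the restricting rule.

Added example for the RedisBloom RESTORE advisory; not RedisBloom or Redis code.
Rules are evaluated left to right with the last matching rule winning, as the
Redis server does for one command. Assumptions (check COMMAND INFO restore on
your build): RESTORE and RESTORE-ASKING are members of @keyspace, @write, @slow
and @dangerous. Redis 7 selectors "(...)" are not handled.
"""

# Category memberships that would grant RESTORE (assumption, see docstring).
RESTORE_CATEGORIES = {"@all", "@keyspace", "@write", "@slow", "@dangerous"}


def command_allowed(acl_line, command="restore", categories=RESTORE_CATEGORIES):
    """True if an `ACL LIST` line (or just its rule part) grants `command`."""
    tokens = acl_line.split()
    if tokens[:1] == ["user"]:
        tokens = tokens[2:]  # strip the "user <name>" prefix printed by ACL LIST
    enabled = True
    allowed = False
    for tok in tokens:
        low = tok.lower()
        if low == "off":
            enabled = False
        elif low == "on":
            enabled = True
        elif low == "allcommands":
            allowed = True
        elif low == "nocommands":
            allowed = False
        elif low[0] in "+-":
            name = low[1:]
            if name == command or name in categories:
                allowed = low[0] == "+"
        # Passwords (>, <, #), key (~, %) and channel (&) patterns and the
        # sanitize-payload flags do not affect command permissions.
    return enabled and allowed


def audit_acl_list(acl_list_output, command="restore"):
    """Return the usernames from `ACL LIST` output that can still run `command`."""
    exposed = []
    for line in acl_list_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "user" and command_allowed(line, command):
            exposed.append(parts[1])
    return exposed


def restrict_restore_rule(username):
    """ACL SETUSER command that withholds RESTORE from a user.

    RESTORE-ASKING is what a MIGRATE target executes in cluster mode and it
    takes the same serialized payload, so it is removed as well. MIGRATE into
    this node with this user's credentials stops working; that is intended.
    """
    return f"ACL SETUSER {username} -restore -restore-asking"


# Constructed sample of `ACL LIST` output, not taken from a real server.
FAKE_HASH = "#" + "0" * 64  # placeholder for the SHA-256 password hash ACL LIST prints
SAMPLE_ACL_LIST = "\n".join([
    "user default on nopass sanitize-payload ~* &* +@all",
    f"user app on {FAKE_HASH} sanitize-payload ~* &* +@all -restore -restore-asking",
    f"user migrator on {FAKE_HASH} sanitize-payload ~* &* +@all -restore +@keyspace",
    f"user reporting on {FAKE_HASH} sanitize-payload ~* &* -@all +@read",
    f"user retired off {FAKE_HASH} sanitize-payload ~* &* +@all",
])

if __name__ == "__main__":
    for user in audit_acl_list(SAMPLE_ACL_LIST):
        print(f"{user}: RESTORE still permitted -> {restrict_restore_rule(user)}")
```

On the sample, `default` and `migrator` are reported: the first because `+@all` grants everything, the second because the trailing `+@keyspace` silently re-enables RESTORE after `-restore`. To audit a live server, pass the text of `redis-cli ACL LIST` to `audit_acl_list` instead of the constructed sample, and remember that the `default` user is the one MIGRATE uses on the target when no AUTH is supplied.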

Added: May 5, 2026, 5:21 PM
Updated: May 5, 2026, 5:21 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          7.5
  exploitability  4.7
  remediation     0.0
  relevance       7.5
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.