CVE-2026-21864

Name of the Vulnerable Software and Affected Versions Valkey-Bloom versions prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd

Description Valkey-Bloom is a Rust-based module for the Valkey distributed key-value database that implements a Bloom Filter data type. A specially crafted RESTORE command can cause an assertion failure, leading to server shutdown. This occurs because the Valkey-bloom module did not set the VALKEYMODULE OPTIONS HANDLE IO ERRORS flag, which is required for handling errors during RDB parsing. Without this flag, parsing errors trigger a system assertion and shut down the system. The RESTORE API endpoint is involved in this issue.

Recommendations Update to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd or later. As a mitigation, disable the RESTORE command if it is not used by your application.