PT-2026-21548 · Valkey+1
Eliyacohen-Hub
Published 2026-02-23 · Updated 2026-04-30
CVE-2026-27623
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Valkey versions 9.0.0 through 9.0.2
Description
Valkey, a distributed key-value database, is susceptible to a denial of service condition. A remote attacker with network access can cause the system to terminate by triggering an assertion. This occurs because the system fails to reset networking state after processing an empty request, allowing a crafted request to be misinterpreted as a violation of server-side invariants, leading to a shutdown. As an additional mitigation, deployments should be properly isolated to restrict access to trusted users.
Recommendations
Update to version 9.0.3 or later.
Isolate Valkey deployments to limit network access to trusted users.
Affected Products
Red Os
Valkey