CVE-2026-23479

Name of the Vulnerable Software and Affected Versions redis-server versions 7.2.0 through 8.6.2

Description An issue exists in the unblock client flow where an error return from the processCommandAndResetClient() function is not properly handled when re-executing a blocked command. If a blocked client is evicted during this process, an authenticated attacker can trigger a use-after-free condition, which may lead to remote code execution. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed.

Recommendations Update to version 8.6.3.