HIGH🇬🇧 English

CVE-2026-27623

CVSS 7.5v3.1pub. 2026-02-23upd. 2026-06-30

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking state after processing an empty request. A malicious actor can then send a request that the server incorrectly identifies as breaking server side invariants, which results in the server shutting down. Version 9.0.3 fixes the issue. As an additional mitigation, properly isolate Valkey deployments so that only trusted users have access.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Lfprojects Valkey

    APP
    Lfprojects
    9.0.0 – 9.0.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-49844CRITICAL9.9PL ✓ten sam produkt

Redis/Valkey: RCE przez use-after-free w skryptach Lua

CVE-2025-67733HIGH8.5ten sam produkt

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious use...

CVE-2026-21863HIGH7.5ten sam produkt

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious act...

CVE-2025-21605HIGH7.5ten sam produkt

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7....

CVE-2026-2651CRITICAL9.0PL ✓ten sam vendor

MLflow: nieautoryzowany dostęp do endpointów multipart upload (RCE)