Redis RCE Flaw CVE-2026-23479: 2-Year Bug Patched

🟠 High | Source: The Hacker News

A critical remote code execution vulnerability (CVE-2026-23479) in Redis, introduced in version 7.2.0 over two years ago, has been patched following discovery by an autonomous AI-powered bug-hunting tool. The flaw is a use-after-free bug in Redis’s blocking-client handling code, allowing any authenticated user to execute arbitrary operating system commands on the host server. This is significant because Redis is widely deployed across cloud environments as a caching and data store layer, meaning exposure could lead to full host compromise. ...

3 June 2026 · ZX Cloud Security

Redis RCE Flaw CVE-2026-23479: Patch Now

🟠 High | Source: The Hacker News

A use-after-free vulnerability in Redis (CVE-2026-23479) allows an authenticated user to execute arbitrary operating system commands on the host machine. Present in every stable Redis branch since version 7.2.0, the flaw went undetected for over two years before being discovered by an autonomous AI-powered code analysis tool. Because Redis is widely deployed as a caching and session layer in cloud environments, successful exploitation could lead to full host compromise. ...

3 June 2026 · ZX Cloud Security

CVE-2025-29923: go-redis Out-of-Order Response Flaw

🟡 Medium | Source: Microsoft Security Response Center

CVE-2025-29923 affects go-redis, a popular Go client library for Redis, where a timeout during the CLIENT SETINFO command at connection establishment can cause responses to be returned out of order. This race condition can result in a client receiving incorrect data, potentially leading to data corruption or unintended application behaviour. Applications using go-redis in Azure or other cloud environments that rely on connection pooling may be silently affected. ...

3 June 2026 · ZX Cloud Security