{
  "threat_severity" : "Important",
  "public_date" : "2026-05-05T16:39:32Z",
  "bugzilla" : {
    "description" : "redis: Remote code execution via use-after-free in Lua scripting",
    "id" : "2466788",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2466788"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote code execution. A workaround is to prevent users from executing Lua scripts or avoid using replicas where replica-read-only is disabled. This is patched in version 8.6.3.", "A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disabled. Successful exploitation may lead to remote code execution." ],
  "statement" : "This Important vulnerability in Redis affects instances configured with Lua scripting and operating as replicas where the `replica-read-only` setting is disabled or can be modified by an authenticated attacker. Exploitation of a use-after-free flaw during master-replica synchronization could lead to remote code execution. The risk is present in deployments where Redis replicas are configured for write operations or lack sufficient access controls to prevent modification of the `replica-read-only` setting.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25216",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "valkey-0:8.0.9-1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26540",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "valkey-0:8.0.9-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25219",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "redis:7-9080020260521083756.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:25925",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "valkey-0:8.0.9-1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-30T00:00:00Z",
    "advisory" : "RHSA-2026:33444",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "redis:7-9040020260625094332.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26306",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "redis:7-9060020260602115714.9"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14316",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "valkey-main-9.0.4-0.1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Under investigation",
    "package_name" : "redis:6/redis",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Under investigation",
    "package_name" : "redis",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Not affected",
    "package_name" : "boost",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23631\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23631\nhttps://github.com/redis/redis/releases/tag/8.6.3\nhttps://github.com/redis/redis/security/advisories/GHSA-8ghh-qpmp-7826" ],
  "name" : "CVE-2026-23631",
  "mitigation" : {
    "value" : "To mitigate this flaw, ensure that Redis replicas maintain `replica-read-only` as enabled and prevent its modification by unauthorized users. If Lua scripting is not a required feature, consider disabling it to reduce the attack surface. Restricting network access to Redis instances to trusted clients can also limit exposure.\nFor Redis configuration, edit the `redis.conf` file to include or verify:\n`replica-read-only yes`\nAfter modifying the configuration, restart the Redis service for the changes to take effect. This action will temporarily interrupt service availability.",
    "lang" : "en:us"
  },
  "csaw" : false
}