
Redis RCE Alert: Understanding and Fixing CVE-2026-23479


What CVE-2026-23479 Is and Why It Matters

CVE-2026-23479 is an authenticated Redis remote code execution vulnerability caused by a use-after-free bug in the blocking-client logic. An attacker who holds sufficient privileges can use it to run arbitrary operating system commands on the host. It affects Redis versions 7.2.0 and later across multiple stable branches, and it went unnoticed in production code for more than two years. The bug lives in unblockClientOnKey(), which continues using a client pointer after processCommandAndResetClient() may have freed it, contrary to the documented behavior, a classic CWE-416 scenario. NVD scores the CVE at 8.8 under CVSS 3.1, while Redis scores it 7.7 under CVSS 4.0. Although the exploit chain requires authenticated access and specific capabilities, the default Redis user often has all required permissions, so the risk remains significant for many deployments.

How an Autonomous AI Tool Uncovered a Two-Year-Old Flaw

The remote code execution flaw in Redis was introduced by two separate code changes: a January 2023 refactor (PR #11012) that added the unchecked call to processCommandAndResetClient(), and a March 2023 change (PR #11568) that added further client access afterward. Alone, neither commit was dangerous; together, they created a hidden use-after-free condition that survived multiple rounds of security review. The issue was discovered not by traditional testing but by Team Xint Code, described as an autonomous AI security tool built to hunt bugs in large codebases, and publicly demonstrated at Wiz’s ZeroDay.Cloud 2025 event. According to Wiz’s analysis, Redis is present in a large majority of cloud environments, and many instances run without a password, which makes any authenticated RCE path especially concerning once exploit details become public.

Technical Overview of the Redis RCE Exploit Chain

The published exploit for CVE-2026-23479 is a three-stage remote code execution chain. First, a one-line Lua script (EVAL "return tostring(redis.call)" 0) leaks a heap pointer, giving the attacker a memory foothold. Second, the attacker manipulates client memory limits, parks a large client on a stream, then wakes it so Redis frees the blocked client mid-call; a pipelined SET then reclaims the freed slot with a fake client structure. Third, Redis's updateClientMemoryUsage() function performs an out-of-bounds decrement using attacker-controlled fields, targeting the Global Offset Table to redirect strcasecmp() to system(). The next command Redis parses is executed as a shell command. The official Redis Docker image makes this easier because it ships with partial RELRO, leaving the GOT writable at runtime, and because the write is relative to a global at a fixed offset, which weakens the protection ASLR and PIE would otherwise provide.

Affected Versions and the Redis Security Update Timeline

The Redis security update for this CVE shipped on May 5, closing the use-after-free bug across all supported branches. CVE-2026-23479 affects Redis 7.2.0 and later, with specific vulnerable ranges for each series: 7.2.0–7.2.13, 7.4.0–7.4.8, 8.2.0–8.2.5, 8.4.0–8.4.2, and 8.6.0–8.6.2. Administrators should move to the corresponding fixed minors: 7.2.14, 7.4.9, 8.2.6, 8.4.3, or 8.6.3. These patch releases are intended to be drop-in minor upgrades within each series, easing production rollout. Redis reports no evidence of exploitation in its own or customer environments so far, and as of publication there are no confirmed in-the-wild cases. However, the full technical exploit chain is now public, which increases the likelihood of copycat attacks targeting unpatched instances in the near term.

Mitigation Priorities and Hardening Steps for IT Teams

Organizations that cannot patch immediately should apply compensating controls to reduce risk from CVE-2026-23479. Keep Redis off the public internet, place it behind TLS, and ensure strong authentication is enforced. Tighten access control lists so no single role holds @admin, CONFIG, and @scripting together, and remove @scripting entirely if Lua is not required, which blocks the Stage 1 heap leak. Prioritize patching internet-facing Redis instances, environments using shared application credentials, and any account that combines CONFIG, scripting, and stream access (XREAD/XADD). Rotate widely shared Redis credentials as part of the response. As Wiz notes, most cloud environments include Redis, often with weak or missing passwords, so authenticated RCE paths remain dangerous even though credentials are required. Patching to the latest Redis security update should remain the primary goal for all affected deployments.
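The ACL guidance above can be checked mechanically. The following is an added example, not code from the Redis project or this article: it parses `ACL LIST` output (a constructed sample with placeholder password hashes) and flags enabled users that hold CONFIG, @scripting and stream access at once, using a simplified model of the relevant Redis command categories that is an assumption of this example.

```python
"""Audit `ACL LIST` output for the privilege set the CVE-2026-23479 chain needs:
CONFIG plus Lua scripting plus stream access (XREAD/XADD)."""
import re

# Simplified category membership for the commands involved (assumption for this
# example; the real Redis category tables are larger). Selectors are not modelled.
CATEGORIES = {
    "config": {"all", "admin", "dangerous", "slow"},
    "eval": {"all", "scripting", "slow"},
    "xread": {"all", "stream", "read", "slow", "blocking"},
    "xadd": {"all", "stream", "write", "fast"},
}

def allowed(rules, command):
    """Apply command rules left to right; a later rule overrides an earlier one."""
    state = False
    for rule in rules:
        if rule in ("allcommands", "nocommands"):
            state = rule == "allcommands"
            continue
        sign, body = rule[0], rule[1:].lower()
        if sign not in "+-":
            continue  # on/off, passwords (#, >), keys (~), channels (&), selectors
        if body.startswith("@"):
            hit = body[1:] in CATEGORIES[command]
        else:
            hit = body.split("|")[0] == command  # "+config|get" still grants CONFIG
        if hit:
            state = sign == "+"
    return state

def audit_acl_list(acl_output):
    """Return {user: {"scripting": bool, "full_chain": bool}} for enabled users."""
    findings = {}
    for line in acl_output.splitlines():
        m = re.match(r"user (\S+) (on|off) (.*)", line)
        if not m or m.group(2) == "off":
            continue  # disabled users cannot authenticate, so they are skipped
        caps = {c: allowed(m.group(3).split(), c) for c in CATEGORIES}
        findings[m.group(1)] = {
            "scripting": caps["eval"],
            "full_chain": caps["config"] and caps["eval"] and (caps["xread"] or caps["xadd"]),
        }
    return findings

# Constructed ACL LIST output: the untouched default user, an over-privileged app
# user, the same user with @scripting removed, and a disabled account.
SAMPLE_ACL_LIST = """\
user default on nopass sandbox ~* &* +@all
user app on #<sha256-placeholder> ~app:* &* -@all +@read +@write +@stream +@scripting +config
user app_hardened on #<sha256-placeholder> ~app:* &* -@all +@read +@write +@stream
user legacy off #<sha256-placeholder> ~* &* +@all
"""
```

Feed it the real output of `redis-cli ACL LIST` in place of the sample; any user reported with `full_chain` true holds every capability the published chain needs and should be split up or have @scripting removed first.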
