Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Debian LTS Redis Remote Code Execution Issues DLA-4682-1

debian lts
Calendar Grey July 13, 2026
Dist Debian Esm H88
Redis for Debian LTS updated to fix two critical issues that could lead to remote code execution if exploited. Upgrade recommended.
It was discovered that there were two issues in Redis, the in-memory key/value database: CVE-2026-23631 An authenticated attacker could have exploited the master-replica synchroniz...

Summary

CVE-2026-23631

An authenticated attacker could have exploited the master-replica
synchronization mechanism to trigger a use-after-free on replicas
where "replica-read-only" is disabled (or could be disabled),
which may have led to remote code execution. Installations that
prevent users from executing Lua scripts were unaffected.

CVE-2026-25243

The RESTORE command did not properly validate serialized values.
An authenticated attacker with permission to execute RESTORE
could have suppled a crafted serialized payload that triggers
invalid memory access and this could have led to remote code
execution.

For Debian 12 bookworm, these problems have been fixed in version
5:7.0.15-1~deb12u8.

We recommend that you upgrade your redis packages.

For the detailed security status of redis please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redis

Further information about Debian LTS security advisories, how to apply

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Package: redis
Version: 5:7.0.15-1~deb12u8
CVE ID: CVE-2026-23631 CVE-2026-25243

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.