Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Valkey Important Remote Code Exec Vulnerabilities 2026-1949-1

suse
Calendar Grey May 18, 2026
Dist Suse Esm H88
SUSE update for valkey addresses three important vulnerabilities with risk of remote code execution from May 2026.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for valkey fixes the following issues * CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution (bsc#1264164). * CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution (bsc#1264165). * CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to remote code execution (bsc#1264166). Changes for valkey: * Update to 8.0.9. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1949=1

Topics%20covered

Topics Covered

security advisory SuSE remote code execution vulnerability important valkey

References

* bsc#1264164

* bsc#1264165

* bsc#1264166

Cross-

* CVE-2026-23479

* CVE-2026-23631

* CVE-2026-25243

CVSS scores:

* CVE-2026-23479 ( SUSE ): 7.7

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-23479 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-23479 ( NVD ): 7.7

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-23479 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-23631 ( SUSE ): 7.7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1949-1
Release Date: 2026-05-18T07:51:15Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE remote code execution vulnerability important valkey

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here