Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

SUSE: valkey Critical Remote Code Execution Fix 2026:20022-1 CVE-2025-49844

suse
Calendar Grey January 15, 2026
Dist Suse Esm H88
This security advisory announces critical updates for valkey fixing four serious issues including remote code execution.
An update that solves four vulnerabilities can now be installed.

Summary

## This update for valkey fixes the following issues: Update to 8.0.6: * Security fixes: * CVE-2025-49844: Fixed that a Lua script may lead to remote code execution (bsc#1250995) * CVE-2025-46817: Fixed that a Lua script may lead to integer overflow and potential RCE (bsc#1250995) * CVE-2025-46818: Fixed that a Lua script can be executed in the context of another user (bsc#1250995) * CVE-2025-46819: Fixed LUA out-of-bound read (bsc#1250995) * Bug fixes: * Fix accounting for dual channel RDB bytes in replication stats (#2614) * Fix EVAL to report unknown error when empty error table is provided (#2229) * Fix use-after-free when active expiration triggers hashtable to shrink (#2257) * Fix MEMORY USAGE to account for embedded keys (#2290) * Fix memory leak when shrinking a hashtable without entries (#2288)

References

* bsc#1250995

Cross-

* CVE-2025-46817

* CVE-2025-46818

* CVE-2025-46819

* CVE-2025-49844

CVSS scores:

* CVE-2025-46817 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-46817 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-46817 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-46817 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-46818 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-46818 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-46818 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-46818 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

* CVE-2025-46819 ( SUSE ): 7.2

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20022-1
Release Date: 2026-01-07T09:43:28Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.