Several security issues were fixed in Valkey.
Software Description:
- valkey: Persistent key-value database with network interface
Details:
It was discovered that Valkey incorrectly handled errors for lua scripts.
An attacker could possibly use this issue to inject arbitrary information
into the response stream for other clients. (CVE-2025-67733)
It was discovered that Valkey incorrectly handled malformed cluster bus
messages. A remote attacker could possibly use this issue to cause Valkey
to crash, resulting in a denial of service. (CVE-2026-21863)
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 valkey-server 8.1.6+dfsg1-0ubuntu0.1 Ubuntu 24.04 LTS valkey-server 7.2.12+dfsg1-0ubuntu0.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8106-1
CVE-2025-67733, CVE-2026-21863
Get the latest Linux and open source security news straight to your inbox.