
A two-year-old RCE bug in Redis was just made public. An AI tool found it. The full exploit chain is out.

Critical
Published: Wed Jun 03 2026 (06/03/2026, 16:07:48 UTC)
Source: Reddit Cybersecurity

Description

CVE-2026-23479 is a critical use-after-free vulnerability in Redis introduced in version 7.2.0 and publicly disclosed in 2026. It allows an authenticated user to execute arbitrary OS commands via a three-stage exploit chain involving Lua scripting and memory manipulation. The vulnerability survived multiple security reviews and affects many Redis deployments, especially those without password protection. Official patches were released on May 5, 2026, across multiple Redis branches. Mitigations include immediate patching, restricting Redis exposure to the public internet, enforcing TLS, tightening ACLs, and disabling Lua scripting if unused. This vulnerability is part of a broader set of Redis RCE flaws disclosed simultaneously.

Reddit Discussion

r/cybersecurity·posted by u/Aureliand

CVE-2026-23479 has been sitting in Redis since 7.2.0, introduced in mid-2023 across two separate commits that were not dangerous individually but created a use-after-free condition together. It survived multiple rounds of security review and remained in every stable branch until patches landed on May 5. The flaw was not found by a human security researcher going through the code. An autonomous AI tool called Xint Code, built by Theori specifically to hunt bugs in large codebases, found it at Wiz's ZeroDay.Cloud hacking competition in London last December. The full technical writeup and working exploit chain are now public.

Here's why this matters beyond the patch urgency. Redis runs in roughly 75% of cloud environments according to Wiz. Most of those instances run without a password. The exploit technically requires an authenticated session, but in a default Redis deployment the default user already holds every permission the attack chain needs: @admin, @scripting, @stream, and read/write access. So for a significant portion of exposed instances, the authentication requirement is not much of a barrier in practice.

The exploit itself is a three-stage chain. First a one-line Lua script leaks a heap pointer. Then the attacker grooms client memory, parks a large client on a stream, drops the memory limits to trigger the free, and immediately reclaims the freed slot with a fake client structure via a pipelined SET. Finally Redis's own memory accounting routine gets turned against itself to overwrite a function pointer in the Global Offset Table, redirecting a standard string function to system(). The next command Redis parses runs as a shell command on the host.

The official Redis Docker image makes the last step easier because it ships with only partial RELRO, leaving the GOT writable at runtime. ASLR and PIE do not help here since the write targets a global with a fixed offset at build time.

Patches are out. Minor upgrades within a series are designed to be drop-in, so there is no good reason to delay. If you are on a managed Redis service, check your provider's status. Redis Cloud is already patched.

Patched versions by branch: 7.2.x fixed in 7.2.14, 7.4.x fixed in 7.4.9, 8.2.x fixed in 8.2.6, 8.4.x fixed in 8.4.3, 8.6.x fixed in 8.6.3.

If patching immediately is not possible, keep Redis off the public internet, put it behind TLS, tighten ACLs so no single role holds @admin and @scripting together, and disable Lua scripting entirely if you do not use it. That last step kills Stage 1 of the exploit chain.

Worth noting this is one of five RCE-class Redis flaws disclosed in the same May 5 advisory. CVE-2026-23479 is the one that got the full public exploit writeup, but the others are worth reviewing too. Redis's official security advisory covers all five.

This assumes some familiarity with your environment and Redis configuration. If any of this is unclear, drop a comment and the community or myself can help.
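A quick way to turn the branch table above into a fleet check, as an added example that is not part of the post or of Redis itself: it parses the `redis_version` line from `INFO server` output and compares it against the fixed releases the post lists. The sample `INFO` text is constructed; `FIRST_AFFECTED` follows the post's statement that the bug was introduced in 7.2.0.

```python
import re

# Fixed releases per branch for CVE-2026-23479, as listed in the post.
FIXED_VERSIONS = {
    (7, 2): (7, 2, 14),
    (7, 4): (7, 4, 9),
    (8, 2): (8, 2, 6),
    (8, 4): (8, 4, 3),
    (8, 6): (8, 6, 3),
}
# The post says the bug was introduced in 7.2.0; earlier releases are not affected.
FIRST_AFFECTED = (7, 2, 0)


def parse_version(info_text):
    """Extract redis_version as an (major, minor, patch) tuple from INFO server output."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.MULTILINE)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Return 'not_affected', 'patched', 'vulnerable' or 'unknown_branch'."""
    if version < FIRST_AFFECTED:
        return "not_affected"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Branch not in the post's table: check the official advisory instead.
        return "unknown_branch"
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample output of `redis-cli INFO server`, not captured from a real host.
SAMPLE_INFO = """# Server
redis_version:7.2.13
redis_mode:standalone
os:Linux 6.1.0 x86_64
"""

if __name__ == "__main__":
    v = parse_version(SAMPLE_INFO)
    print(".".join(map(str, v)), "->", assess(v))
```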

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 06/03/2026, 16:18:41 UTC

Technical Analysis

CVE-2026-23479 is a use-after-free vulnerability in Redis's blocking-client code path that enables remote code execution (RCE) by an authenticated user. The flaw was introduced in Redis 7.2.0 via two commits that individually were not dangerous but combined created a use-after-free condition. The exploit chain involves leaking a heap pointer with a Lua script, grooming client memory, triggering a free, and overwriting a function pointer in the Global Offset Table to redirect execution to system(). The official Redis Docker image's partial RELRO protection facilitates exploitation. The vulnerability affects default Redis deployments where the default user has full permissions, making authentication a weak barrier. Patches were released on May 5, 2026, for versions 7.2.x (7.2.14), 7.4.x (7.4.9), 8.2.x (8.2.6), 8.4.x (8.4.3), and 8.6.x (8.6.3). Redis Cloud is already patched. The discovery was made by an autonomous AI tool during a hacking competition, and a full public exploit writeup is available.

Potential Impact

The vulnerability allows an authenticated attacker to execute arbitrary operating system commands on the Redis host, potentially leading to full system compromise. Since many Redis instances run without password protection and the default user has extensive permissions, the authentication requirement is often not a significant barrier. The exploit can bypass common memory protection mechanisms like ASLR and PIE due to targeting a fixed global offset. This poses a critical risk to cloud environments where Redis is widely deployed (approximately 75%). The flaw survived multiple security reviews and was only found by an AI tool, highlighting the challenge of detecting complex use-after-free bugs.

Mitigation Recommendations

Official patches addressing CVE-2026-23479 were released on May 5, 2026, for multiple Redis branches (7.2.14, 7.4.9, 8.2.6, 8.4.3, 8.6.3). Immediate upgrading to these patched versions is strongly recommended. For environments where immediate patching is not feasible, mitigate by removing Redis instances from public internet exposure, enforcing TLS encryption, tightening ACLs to prevent any single role from holding both @admin and @scripting permissions simultaneously, and disabling Lua scripting if it is not required, which blocks the initial stage of the exploit chain. Managed Redis service users should verify patch status with their providers; Redis Cloud is confirmed patched. Review the official Redis security advisory covering this and related RCE vulnerabilities for comprehensive guidance.
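The ACL recommendation above can be checked mechanically. This added example (not from the post, the analysis or Redis) replays the `+@`/`-@` category rules from `ACL LIST` output for each enabled user and flags users that need no password or that hold @admin and @scripting together. The `ACL LIST` lines are constructed and the password hashes are placeholders.

```python
def _category_state(rules):
    """Replay +@/-@ rules in order; returns (explicit, has_all, removed)."""
    explicit, removed, has_all = set(), set(), False
    for tok in rules:
        if tok == "+@all":
            has_all, removed = True, set()
        elif tok == "-@all":
            has_all, explicit = False, set()
        elif tok.startswith("+@"):
            explicit.add(tok[2:]); removed.discard(tok[2:])
        elif tok.startswith("-@"):
            removed.add(tok[2:]); explicit.discard(tok[2:])
    return explicit, has_all, removed


def holds(rules, category):
    """True if the rule list grants the given ACL category (e.g. 'admin')."""
    explicit, has_all, removed = _category_state(rules)
    return category in explicit or (has_all and category not in removed)


def audit_acl(acl_list_text):
    """Return [(user, finding), ...] for enabled users matching a risky pattern."""
    findings = []
    for line in acl_list_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "user" or parts[2] != "on":
            continue  # malformed line or disabled user
        user, rules = parts[1], parts[3:]
        if "nopass" in rules:
            findings.append((user, "no password required"))
        if holds(rules, "admin") and holds(rules, "scripting"):
            findings.append((user, "holds @admin and @scripting together"))
    return findings


# Constructed ACL LIST output; the '#...' hashes are placeholders, not real digests.
SAMPLE_ACL = "\n".join([
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #" + "0" * 64 + " sanitize-payload ~app:* &* -@all +@read +@write +@stream",
    "user ops on #" + "1" * 64 + " ~* &* +@all -@scripting",
    "user legacy off nopass ~* &* +@all",
])

if __name__ == "__main__":
    for user, finding in audit_acl(SAMPLE_ACL):
        print(f"{user}: {finding}")
```

In the sample, only the unchanged `default` user is flagged; `ops` keeps @admin but has @scripting removed, which is the split the mitigation asks for.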


Threat ID: 6a2053d3e29bf47b50cceb69
