A vulnerability in Redis allows authenticated attackers to gain full root access to all servers in a CVX cluster if they have network access and the Redis password.
Redis · 04.06.2026
Upgrade assessment
Security-relevant · Update promptly
Derived automatically from release, repo and CVE data — no judgment by a language model.
A vulnerability in OpenTelemetry eBPF instrumentation for Redis causes error messages to be transmitted unfiltered to telemetry systems, potentially exposing confidential data or attacker-controlled content to monitoring backends.
In the Budibase low-code platform, user permissions are not immediately removed from Redis cache after role revocation, allowing users to retain access to functions they should no longer have privileges for up to one hour.
A vulnerability in the Redis server component of Synology BeeDrive for desktop allows local users to access certain files or directories to perform denial-of-service attacks and crash the service.
A vulnerability in Roundcube Webmail allows attackers to delete arbitrary files without authentication by manipulating session data in Redis or Memcache storage systems.
A security vulnerability in the LiteSpeed User-End cPanel Plugin allows attackers to escalate their privileges and potentially gain full system control, which has already been actively exploited.
AutoGPT, an AI workflow platform, unsafely deserializes data from Redis cache without integrity checks. Attackers can execute arbitrary code by manipulating the cache.
A vulnerability in Open WebUI before version 0.9.0 causes configuration settings from different instances to overwrite each other when sharing Redis databases, potentially exposing users to incorrect server configurations from other instances.
A vulnerability in the Netty library allows attackers to inject malicious Redis commands by using special control characters in messages that are not properly filtered.
In the Inbox Zero email software, a Redis implementation flaw can cause email thread events from one user to be incorrectly delivered to another logged-in user, leading to unauthorized data access.
A vulnerability in the RedisBloom module for Redis allows authenticated attackers to trigger memory errors and potentially execute malicious code by providing crafted data through the RESTORE command.
affects: <2.8.20 · 8.2.7 not affected
A vulnerability in the RedisTimeSeries module for Redis allows authenticated attackers to trigger memory errors and potentially execute malicious code by providing crafted data through the RESTORE command.
affects: <1.12.14 · 8.2.7 not affected
The Redis database has a vulnerability in the RESTORE command that doesn't properly validate incoming data. Attackers with access can send malicious data and potentially execute arbitrary code on the server.
affects: <8.6.3 · your 8.2.7 affected
The Redis database has a vulnerability in its Lua scripting feature that allows authenticated attackers to execute malicious code on replica servers when certain write permissions are enabled.
affects: <8.6.3 · your 8.2.7 affected
Redis server versions 7.2.0 through 8.6.3 contain a memory handling flaw when processing blocked commands that allows authenticated attackers to execute malicious code on the server.
affects: ≥7.2.0 <8.6.3 · your 8.2.7 affected
A vulnerability in OpenC3 COSMOS allows users with script permissions to perform administrative actions through specially crafted scripts, including reading secrets from the Redis database and modifying system settings.
A critical vulnerability in the MixPHP Framework allows attackers to execute malicious code by injecting manipulated data into Redis sessions or cache storage, which is then unsafely deserialized.
A security vulnerability in the mailcow email software allows attackers to inject malicious code into admin logs that gets executed when administrators view those logs.
A vulnerability in Distribution software allows deleted container content to become accessible again when Redis cache and delete functionality are enabled.
A vulnerability in D-Tale (a web application for data analysis) allows attackers to execute malicious code on the server when Redis or Shelf storage layers are used.
A vulnerability in Aperi'Solve allows attackers to execute arbitrary code and gain full system control through unsanitized password inputs when uploading JPEG files.
A vulnerability in Roundcube Webmail allows unauthenticated attackers to write arbitrary files on the server by sending manipulated session data through the Redis/Memcache handler.
FastGPT, an AI agent platform, has a vulnerability in certain endpoints that allows authenticated attackers to scan internal networks and access internal services like databases.
A WordPress plugin vulnerability allows attackers to send arbitrary web requests to internal services without authentication, potentially leading to remote server access.
A vulnerability in LangGraph's caching system allows execution of malicious code when attackers can write data to the cache storage (like Redis or SQLite) and the application later processes it.
A vulnerability in datapizza-ai software allows attackers on the local network to inject and execute malicious data through the Redis cache function.
OneUptime monitoring software allows users to execute JavaScript code that can easily escape its security sandbox, enabling complete system access and exposure of all stored passwords and credentials.
A vulnerability in the Redis checkpoint library for LangGraph allows attackers to manipulate database queries through specially crafted filter inputs and potentially access unauthorized data.
LibreNMS, a network monitoring tool, has an input validation weakness in device group names that allows administrators to inject malicious scripts that get displayed to other users.