Critical Redis RCE (CVE-2026-23479) Discovered by AI Tool: Immediate Patching Advised
A severe use-after-free vulnerability, **CVE-2026-23479**, has been discovered in **Redis**, allowing authenticated attackers to execute arbitrary OS commands. The flaw, present since version 7.2.0, was uniquely identified by an autonomous AI security tool and poses a significant risk, particularly to cloud deployments where many **Redis** instances lack robust authentication.
### AI-Discovered RCE Threatens Redis Deployments
A critical remote code execution (RCE) vulnerability, tracked as **CVE-2026-23479**, has been patched in the popular open-source in-memory data store, **Redis**. This use-after-free flaw allows an authenticated attacker to execute arbitrary operating system commands on the machine hosting the database, posing a significant security risk to affected systems.
The vulnerability was uniquely discovered by **Xint Code**, an autonomous AI security tool developed by **Theori** and reported by **Team Xint Code**. This highlights the evolving landscape of vulnerability research, where AI is increasingly playing a role in identifying complex bugs in large codebases.

### The Vulnerability: CVE-2026-23479 Explained
The use-after-free bug resides in the `unblockClientOnKey()` function within `src/blocked.c`, which is triggered when a key event wakes a blocked command. The function dispatches the queued command via `processCommandAndResetClient()`. Crucially, `processCommandAndResetClient()` can, as a side effect, free the client pointer it receives. However, the `unblockClientOnKey()` caller then proceeds to use this now-freed client pointer, leading to a classic use-after-free (CWE-416) condition.
This flaw was introduced in **Redis** 7.2.0 and remained present in all stable branches until its fix on May 5th, having gone unnoticed for over two years. The National Vulnerability Database (NVD) rates it 8.8 under CVSS 3.1, while **Redis** itself lists it as 7.7 under CVSS 4.0. A detailed technical write-up has been made public by **Wiz**.
### How the Exploit Unfolds
The exploit chain, demonstrated by **Team Xint Code** at **Wiz**'s ZeroDay.Cloud 2025 competition, is sophisticated and involves several stages:
1. **Heap Address Leak**: A one-line Lua script (`EVAL "return tostring(redis.call)" 0`) is used to leak a heap pointer.
2. **Memory Grooming and Fake Client Injection**: The attacker manipulates client memory limits, parks a large client on a stream, then reduces limits and wakes it. This causes **Redis** to free the blocked client mid-call. A pipelined `SET` command immediately reclaims the freed memory slot with a crafted fake client structure.
3. **Function Pointer Overwrite**: **Redis**'s routine memory accounting in `updateClientMemoryUsage()` is then leveraged to perform an out-of-bounds decrement using attacker-controlled fields. This targets the Global Offset Table (GOT) to redirect the `strcasecmp()` function pointer to `system()`. The next command parsed by **Redis** then executes as a shell command.
The default **Redis Docker** image further simplifies the final stage by shipping with only partial RELRO, leaving the GOT writable at runtime.
### Prerequisites and Cloud Exposure
Exploiting **CVE-2026-23479** requires an authenticated session whose ACL grants a specific set of permissions: the `@admin` category, `CONFIG SET`, `EVAL`, stream commands (`XREAD`/`XADD`), and basic `SET`/`GET`. While this list might seem restrictive, in many default **Redis** deployments the `default` user holds all of these privileges.
**Wiz**'s analysis highlights a significant concern: a large majority of **Redis** instances in cloud environments run without a password. This widespread configuration dramatically increases the attack surface, as an attacker only needs to gain initial access to the **Redis** instance to potentially achieve RCE.

### Immediate Action Required: Patching and Mitigation
**Redis** has released patches for this vulnerability, and immediate upgrades are strongly recommended. The affected branches and their corresponding fixed versions are:

| Branch | Affected Versions | Fixed Version |
| :----- | :------------------ | :------------ |
| 7.2.x | 7.2.0 to 7.2.13 | 7.2.14 |
| 7.4.x | 7.4.0 to 7.4.8 | 7.4.9 |
| 8.2.x | 8.2.0 to 8.2.5 | 8.2.6 |
| 8.4.x | 8.4.0 to 8.4.2 | 8.4.3 |
| 8.6.x | 8.6.0 to 8.6.2 | 8.6.3 |

Minor upgrades within a series are designed to be drop-in replacements. Managed **Redis** services are rolling out patches on their own schedules, with **Redis Cloud** already updated.
If immediate patching is not feasible, implement the following mitigations:
* **Network Segmentation**: Keep **Redis** instances off the public internet and behind robust firewalls.
* **TLS Encryption**: Ensure all **Redis** communication is secured with TLS.
* **Strict ACLs**: Tighten Access Control Lists (ACLs) to prevent any single role from holding `@admin`, `CONFIG`, and `@scripting` privileges concurrently.
* **Disable Lua Scripting**: If not actively used, deny the `@scripting` ACL category, which prevents the Stage 1 heap leak.
* **Credential Rotation**: Rotate any broadly shared **Redis** credentials.
Prioritize patching and mitigation for internet-exposed instances, those with shared application credentials, and any roles that combine `CONFIG`, scripting, and stream access.
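As an added triage example (not code from the advisory, Wiz, or the Redis project): a Python helper that classifies a `redis_version` string against the fixed-version table above and scans `ACL LIST` output for enabled users that hold CONFIG, scripting and stream access at the same time. The selector-to-capability mapping in `NEEDS` is a simplified assumption rather than the full Redis category table, and the sample ACL lines are constructed.

```python
# Fixed versions per branch, copied from the table in the article.
FIXED = {(7, 2): (7, 2, 14), (7, 4): (7, 4, 9), (8, 2): (8, 2, 6),
         (8, 4): (8, 4, 3), (8, 6): (8, 6, 3)}

# Which ACL selectors unlock each capability the exploit chain needs (assumption:
# a hand-picked subset of Redis command categories, not the full category table).
NEEDS = {
    "config": {"@all", "@admin", "@dangerous", "config", "config|set"},
    "scripting": {"@all", "@scripting", "eval"},
    "stream": {"@all", "@stream", "@read", "@write", "xread", "xadd"},
}

def version_status(version: str) -> str:
    """Classify a redis_version string (as printed by INFO server) against FIXED."""
    v = tuple(int(x) for x in version.split(".")[:3])
    if v < (7, 2, 0):
        return "not_affected"      # the flaw was introduced in 7.2.0
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unknown_branch"    # not in the article's table; check the vendor advisory
    return "fixed" if v >= fixed else "affected"

def user_capabilities(acl_line: str) -> dict:
    """Evaluate one ACL LIST line left to right; later rules override earlier ones."""
    tokens = acl_line.split()
    granted = dict.fromkeys(NEEDS, False)
    for tok in tokens:
        tok = {"allcommands": "+@all", "nocommands": "-@all"}.get(tok, tok)
        if tok[:1] not in "+-":
            continue               # key/channel patterns, password hashes, flags
        sel = tok[1:].lower()
        for need, selectors in NEEDS.items():
            if sel in selectors:
                granted[need] = tok[0] == "+"
    return {"user": tokens[1], "on": "on" in tokens, "nopass": "nopass" in tokens, **granted}

def risky_users(acl_list: str) -> list:
    """Enabled users that can reach CONFIG, scripting and streams at the same time."""
    risky = []
    for line in acl_list.splitlines():
        if line.startswith("user "):
            caps = user_capabilities(line)
            if caps["on"] and caps["config"] and caps["scripting"] and caps["stream"]:
                risky.append(caps["user"] + (" (nopass)" if caps["nopass"] else ""))
    return risky

# Constructed sample ACL LIST output, not captured from a real server.
SAMPLE_ACL = """user default on nopass sanitize-payload ~* &* +@all
user app on #<sha256-placeholder> ~app:* &* -@all +@read +@write +@string
user ops on #<sha256-placeholder> ~* &* +@all -@scripting"""
```

Run `version_status(...)` on the value of `redis_version` from `INFO server` and `risky_users(...)` on the raw `ACL LIST` output; a `(nopass)` suffix in the result is the password-less default user the Wiz analysis warns about.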
### A Broader Context
**CVE-2026-23479** is one of five RCE-class **Redis** flaws disclosed last month, and it follows the 2025 **RediShell** flaw, another authenticated use-after-free involving Lua scripting. The fact that an AI tool, rather than traditional code review, identified this long-standing vulnerability underscores the need for continuous security innovation and robust testing methodologies in critical software. While there is no public evidence of in-the-wild exploitation yet, the full technical details are now public, significantly increasing the risk.