The Hacker News

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis CVE-2026-23479 enables authenticated RCE; affecting versions since 7.2.0, patched May 5 to reduce exploitation risk.
InfoQ

Redis Critical Remote Code Execution Vulnerability Discovered after 13 Years

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...
Dark Reading

Patch Now: 'RediShell' Threatens Cloud Via Redis RCE

A 13-year-old vulnerability that affects all versions of the Redis open source data storage service can allow attackers to take full control of a host system, posing a significant threat to cloud ...
Hosted on MSN

Redis warns major security flaw could be impacting thousands of instances - so patch now

Redis patches CVE-2025-49844, a critical bug enabling remote code execution via Lua script abuse Vulnerability had existed for 13 years; affects versions 8.2.1 and below, now fixed in 8.2.2 Over ...
CSOonline

New peer-to-peer worm infects Redis instances through Lua vulnerability

The worm, dubbed P2PInfect, works across platforms and is resistant to takedowns. It might be the first stage of a larger attack. Researchers have discovered a new worm that infects servers running ...
Computing

Critical Redis vulnerability: tens of thousands at risk of remote code execution attacks

The Redis security team has issued a warning to system administrators and cloud infrastructure providers after discovering a critical vulnerability that could allow threat actors to remotely hijack ...