NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-25243

Summary	Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3.
Publication Date	May 6, 2026, 2:17 a.m.
Registration Date	May 6, 2026, 4:07 a.m.
Last Update	May 6, 2026, 2:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/redis/redis/releases/tag/8.6.3	security-advisories@github.com
2	https://github.com/redis/redis/security/advisories/GHSA-c8h9-259x-jff4	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-122	ヒープオーバーフロー	https://cwe.mitre.org/data/definitions/122.html