Find notable cyber news and cases, enriched with sources, timelines, and signals.

Redis security patch release for CVE-2026-23479

Security Patch Release
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

Redis released patched minor versions on May 5 to fix CVE-2026-23479, a use-after-free in blocking-client code that can lead to arbitrary OS command execution on affected servers. The release covers the vulnerable 7.2.x, 7.4.x, 8.2.x, 8.4.x, and 8.6.x branches, with fixed builds 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3. Operators on those lines face meaningful exposure until they upgrade from the affected maintenance releases.

Related Happenings

Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523

Security Patch Release
H score54 First: 10.06.2026 09:26 Last: 10.06.2026 09:26 Sources 1

About this happening: Ivanti released a patch bundle for Sentry after identifying two critical vulnerabilities in the secure mobile gateway appliance, including CVE-2026-10520 and *...

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score42 First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released urgent security updates for the cPanel user-end plugin after CVE-2026-48172 was found to be actively exploited, reducing exposure for systems ru...

Latest development: 16.06.2026 13:47

CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.

TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926

Security Patch Release
H score45 First: 22.05.2026 11:19 Last: 22.05.2026 11:19 Sources 1

About this happening: TrendAI released Apex One security updates after confirming a zero-day had been exploited in the wild, leaving on-premises installations at risk until patched....

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: Ivanti, Fortinet, SAP, Broadcom, and n8n released security fixes on 2026-05-18 for flaws that could enable authentication bypass, remote code execution, SQL...

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
H score32 First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: Major Linux distributions are rolling out fixes for Dirty Frag, the Linux kernel patch release that covers CVE-2026-43284 and CVE-2026-43500. The update matter...

Timeline

  1. 03.06.2026 16:47 2 articles · 1mo ago

    Redis releases patched minors for CVE-2026-23479

    Mitigation Patch Update

    Redis releases 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3 on May 5 to fix CVE-2026-23479, a use-after-free in blocking-client code that can let an authenticated user run arbitrary OS commands on the Redis host.

    Show sources
  2. 03.06.2026 16:47 1 articles · 1mo ago

    Team Xint Code publishes a three-stage Redis RCE write-up

    Technical Analysis Update

    Team Xint Code and Wiz publish a technical write-up showing a three-stage RCE chain against Redis that starts with a heap-pointer leak, reclaims freed client memory, and ends with a function-pointer overwrite that can execute shell commands on the Redis host.

    Show sources