Redis security patch release for CVE-2026-23479
Security Patch Release
Summary
Hide ▲
Show ▼
Redis released patched minor versions on May 5 to fix CVE-2026-23479, a use-after-free in blocking-client code that can lead to arbitrary OS command execution on affected servers. The release covers the vulnerable 7.2.x, 7.4.x, 8.2.x, 8.4.x, and 8.6.x branches, with fixed builds 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3. Operators on those lines face meaningful exposure until they upgrade from the affected maintenance releases.
Related Happenings
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch Release
H score54
First: 10.06.2026 09:26
Last: 10.06.2026 09:26
Sources 1
About this happening:
Ivanti released a patch bundle for Sentry after identifying two critical vulnerabilities in the secure mobile gateway appliance, including CVE-2026-10520 and *...
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch ReleaseAbout this happening: Ivanti released a patch bundle for Sentry after identifying two critical vulnerabilities in the secure mobile gateway appliance, including CVE-2026-10520 and *...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch Release
H score42
First: 27.05.2026 13:06
Last: 27.05.2026 13:06
Sources 1
About this happening:
LiteSpeed released urgent security updates for the cPanel user-end plugin after CVE-2026-48172 was found to be actively exploited, reducing exposure for systems ru...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch ReleaseAbout this happening: LiteSpeed released urgent security updates for the cPanel user-end plugin after CVE-2026-48172 was found to be actively exploited, reducing exposure for systems ru...
Latest development: 16.06.2026 13:47
CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
H score45
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources 1
About this happening:
TrendAI released Apex One security updates after confirming a zero-day had been exploited in the wild, leaving on-premises installations at risk until patched....
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch ReleaseAbout this happening: TrendAI released Apex One security updates after confirming a zero-day had been exploited in the wild, leaving on-premises installations at risk until patched....
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
Ivanti, Fortinet, SAP, Broadcom, and n8n released security fixes on 2026-05-18 for flaws that could enable authentication bypass, remote code execution, SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: Ivanti, Fortinet, SAP, Broadcom, and n8n released security fixes on 2026-05-18 for flaws that could enable authentication bypass, remote code execution, SQL...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
H score32
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
Major Linux distributions are rolling out fixes for Dirty Frag, the Linux kernel patch release that covers CVE-2026-43284 and CVE-2026-43500. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseAbout this happening: Major Linux distributions are rolling out fixes for Dirty Frag, the Linux kernel patch release that covers CVE-2026-43284 and CVE-2026-43500. The update matter...
Timeline
-
03.06.2026 16:47 2 articles · 1mo ago
Redis releases patched minors for CVE-2026-23479
Mitigation Patch UpdateRedis releases 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3 on May 5 to fix CVE-2026-23479, a use-after-free in blocking-client code that can let an authenticated user run arbitrary OS commands on the Redis host.
Show sources
- Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) — thehackernews.com — 03.06.2026 16:47
- Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) — thehackernews.com — 03.06.2026 16:47
-
03.06.2026 16:47 1 articles · 1mo ago
Team Xint Code publishes a three-stage Redis RCE write-up
Technical Analysis UpdateTeam Xint Code and Wiz publish a technical write-up showing a three-stage RCE chain against Redis that starts with a heap-pointer leak, reclaims freed client memory, and ends with a function-pointer overwrite that can execute shell commands on the Redis host.
Show sources
- Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) — thehackernews.com — 03.06.2026 16:47