AI description
CVE-2026-23631, also known as "DarkReplica," is a use-after-free vulnerability found in Redis, an in-memory data structure store. This flaw specifically impacts versions of `redis-server` that utilize Lua scripting. An authenticated attacker can exploit the master-replica synchronization mechanism to trigger the use-after-free condition on replicas where the `replica-read-only` setting is either disabled or can be disabled. Successful exploitation of this vulnerability can lead to remote code execution. The issue was discovered during a ZeroDay.Cloud 2025 research effort and has since been patched in Redis version 8.6.3. A recommended workaround involves preventing users from executing Lua scripts or avoiding the use of replicas where `replica-read-only` is not enabled.
- Description
- Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote code execution. A workaround is to prevent users from executing Lua scripts or avoid using replicas where replica-read-only is disabled. This is patched in version 8.6.3.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- redis
CVSS 4.0
- Type
- Secondary
- Base score
- 6.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-416
- Hype score
- Not currently trending
Redisで認証済みユーザーによるリモートコード実行(RCE)を可能にする重大な脆弱性「DarkReplica」が公開された。レプリケーション機能とLua実行環境の不具合を組み合わせることで、サーバー上で任意コードを
@yousukezan
8 Jun 2026
2609 Impressions
6 Retweets
18 Likes
7 Bookmarks
0 Replies
0 Quotes
5 CVEs in Redis https://t.co/32ZcxyrYW5 CVE‑2026‑23479: Use-After-Free in unblock client flow may lead to Remote Code Execution CVE‑2026‑25243,CVE-2026-25588,CVE‑2026‑25589: Invalid Memory Access in RESTORE Command [...] May Lead to RCE CVE-2026-23631: Lua UAF may lea
@oss_security
7 Jun 2026
1262 Impressions
4 Retweets
7 Likes
4 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-8732 2 - CVE-2026-23631 3 - CVE-2026-25243 4 - CVE-2026-46333 5 - CVE-2026-23479 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
4 Jun 2026
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27823C5-96F2-4D85-89CF-9C5DEAC584E3",
"versionEndExcluding": "8.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]