7.5
CVE-2026-27623
- EPSS 0.35%
- Veröffentlicht 23.02.2026 19:43:45
- Zuletzt bearbeitet 30.06.2026 03:17:56
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Valkey has Pre-Authentication DOS from malformed RESP request
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking state after processing an empty request. A malicious actor can then send a request that the server incorrectly identifies as breaking server side invariants, which results in the server shutting down. Version 9.0.3 fixes the issue. As an additional mitigation, properly isolate Valkey deployments so that only trusted users have access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lfprojects ≫ Valkey Version >= 9.0.0 < 9.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.272 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://github.com/valkey-io/valkey/security/advisories/GHSA-93p9-5vc7-8wgr
https://access.redhat.com/security/cve/CVE-2026-27623
https://bugzilla.redhat.com/show_bug.cgi?id=2442021
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27623.json