Regulatory Triage ICT Providers

Redis

Databases & Data Platforms

Period: 7d 14d 30d 90d

1

Open CVEs

0

Exploited

0

KEV

0

Unpatched

0

No Workaround

1

Internet-facing

Why this provider is risky now

This provider has 1 open CVE(s) in the last 7 days. 1 affect internet-facing services.

1 Internet-facing

Top Risky CVEs

CVE-2026-46497

Monitor

Two-layer blind SSRF in Crawlee for Python (pip/crawlee >= 1.0.0, < 1.7.0) allows an attacker who controls a sitemap or robots.txt file to force the crawler to issue HTTP requests against internal network services (layer 1, all HTTP clients), and - when CurlImpersonateHttpClient is configured - to dispatch non-HTTP scheme requests including gopher://, file://, dict://, and ftp:// (layer 2). The layer 2 escalation enables canonical Redis exploitation via gopher://, making RCE on unauthenticated internal Redis instances achievable from a public-facing crawler. No public exploit code has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, but the researcher-credited advisory details a fully articulated attack path including Redis RCE.

Edge exposure ICT dependency Patched

Why flagged?

By Exposure

Internet-facing

1

Mgmt / Admin Plane

0

Identity / Auth

0

Internal only

0

By Exploitability

Known exploited

0

Public PoC

0

High EPSS (>30%)

0

Remote unauthenticated

0

Local only

0

By Remediation

Patch available

1

No patch

0

Workaround available

0

No workaround

0

Affected Services / Product Families

Redis

1 CVE(s)

CVE-2026-46497 LOW Patched

Recommended Actions

Review WAF/firewall rules for 1 internet-facing CVE(s) Track Redis vendor advisories for remediation timeline

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy