Valkey Bloom
Denial of service in Valkey-Bloom module allows authenticated attackers to crash the Valkey server by sending a specially crafted RESTORE command that triggers an unhandled assertion. The vulnerability exists because the module failed to set the IO_ERRORS flag during RDB parsing, causing the server to shut down instead of gracefully handling the malformed input. A security patch is available, and administrators can mitigate the issue by disabling the RESTORE command if not required.