How an Autonomous AI Tool Uncovered a Two-Year-Old Redis RCE Vulnerability (CVE‑2026‑23479)
An autonomous AI security tool discovered a two‑year‑old Use‑After‑Free remote code execution flaw (CVE‑2026‑23479) in Redis, detailing its discovery timeline, three‑stage exploit chain, affected versions, patches, and why AI succeeded where traditional scanners failed.
Introduction
Traditional vulnerability scanners rely on known signatures and struggle with complex logic bugs. In December 2025, at the ZeroDay.Cloud hacking competition, the autonomous AI security tool Xint Code identified a high‑severity Use‑After‑Free remote code execution (RCE) vulnerability in Redis, assigned CVE‑2026‑23479.
Vulnerability Details
The vulnerability is rated 8.8 (CVSS 3.1) by NVD and 7.7 (CVSS 4.0) by Redis. It is a Use‑After‑Free (UAF) in the blocking‑client code path: unblockClientOnKey() calls processCommandAndResetClient(), which may free the client object and reports that outcome through its return value. The caller ignores the return value and keeps dereferencing the client pointer, so every access after the call operates on freed memory.
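To make the shape of the bug concrete, here is an added example in plain C that models the unchecked‑return pattern; it is not Redis source, and the struct, the slot pool and the function bodies are illustrative stand‑ins that only borrow the names the write‑up mentions. A fixed pool of slots replaces the heap so the stale access is observable in a test instead of being undefined behaviour: the callee poisons and releases the slot when it "frees" the client and reports that with C_ERR, the vulnerable caller reads the poison because it never looks at that status, and the hardened caller returns as soon as the status says the client is gone (which is an assumption about what a fix looks like, not the project's actual patch).

```c
/* Added example modelling the unchecked-return use-after-free pattern.
 * Not Redis source: names echo the functions the write-up names, but the
 * bodies, the struct and the slot pool are illustrative stand-ins. */
#include <stdio.h>

#define C_OK   0
#define C_ERR -1
#define POISON 0xDEADBEEFu            /* written into every field of a released slot */
#define CLIENT_BLOCKED           0x1u
#define CLIENT_CLOSE_AFTER_REPLY 0x2u /* the unblocked command asked to close the connection */

typedef struct client {
    int      in_use;
    unsigned flags;
    unsigned blocked_keys;            /* bookkeeping the caller updates after unblocking */
    unsigned mem_usage;
} client;

static client pool[4];                /* stands in for the allocator */

client *client_new(unsigned flags) {
    for (int i = 0; i < 4; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        pool[i].flags = flags;
        pool[i].blocked_keys = 2;
        pool[i].mem_usage = 0;
        return &pool[i];
    }
    return NULL;
}

static void client_free(client *c) {  /* release the slot and poison it, as a debug allocator would */
    c->in_use = 0;
    c->flags = c->blocked_keys = c->mem_usage = POISON;
}

/* Runs the now-unblocked command. Contract: returns C_ERR when the client was
 * freed in the process (here: the command closed the connection), C_OK otherwise. */
int process_command_and_reset_client(client *c) {
    if (c->flags & CLIENT_CLOSE_AFTER_REPLY) {
        client_free(c);
        return C_ERR;
    }
    c->flags &= ~CLIENT_BLOCKED;
    return C_OK;
}

/* Vulnerable shape: the status is dropped and the client is touched afterwards.
 * Returns the blocked_keys value it read so a test can see the stale access. */
unsigned unblock_client_on_key_vulnerable(client *c) {
    process_command_and_reset_client(c);   /* may have freed c */
    c->blocked_keys -= 1;                  /* use-after-free when it did */
    c->mem_usage += 16;
    return c->blocked_keys;
}

/* Hardened shape: stop touching the client the moment the callee says it is gone. */
unsigned unblock_client_on_key_fixed(client *c) {
    if (process_command_and_reset_client(c) == C_ERR)
        return 0;                          /* client freed: nothing left to update */
    c->blocked_keys -= 1;
    c->mem_usage += 16;
    return c->blocked_keys;
}

int main(void) {
    client *a = client_new(CLIENT_BLOCKED | CLIENT_CLOSE_AFTER_REPLY);
    printf("vulnerable read after free: 0x%x\n", unblock_client_on_key_vulnerable(a));
    client *b = client_new(CLIENT_BLOCKED | CLIENT_CLOSE_AFTER_REPLY);
    unsigned fixed_result = unblock_client_on_key_fixed(b);
    printf("fixed path result: %u (slot in_use=%d)\n", fixed_result, b->in_use);
    client *d = client_new(CLIENT_BLOCKED);
    printf("normal path result: %u\n", unblock_client_on_key_fixed(d));
    return 0;
}
```

The vulnerable variant returns 0xDEADBEEE: it decremented a field that had already been poisoned by the release. In a real allocator that slot could already belong to the next object, which is exactly the reuse the Stage 2 heap shaping below relies on.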
Timeline and Introduction Process
January 2023 : PR #11012 adds an unchecked function call, planting the seed.
March 2023 : PR #11568 adds additional accesses after the freed client.
2023 : Both changes are merged and ship in Redis 7.2.0, the first stable release to carry the flaw.
For more than two years the flaw evaded security reviews.
December 2025 : Xint Code discovers the bug during the ZeroDay.Cloud competition.
May 5 2026 : Redis releases comprehensive patches covering all five maintenance branches.
Exploit Chain
Prerequisite ACL Permissions
@admin (administrative rights, which include CONFIG)
@scripting (Lua script execution via EVAL)
@stream (stream commands such as XREAD/XADD, used to park a blocked client)
@read/@write (basic read and write access)
In default deployments the built‑in default user holds all of these permissions at once, so the prerequisites collapse into a single shared role and the attack barrier is low.
Three‑Stage Attack
Stage 1 – Heap Address Leak
EVAL "return tostring(redis.call)" 0
Lua renders a function value as a string of the form "function: 0x...", so the script returns the heap address of the redis.call function object, giving the attacker a known point from which to map the server's memory layout.
Stage 2 – Heap Shaping
The attacker runs CONFIG SET maxmemory-clients to reshape client memory, parks a bloated client on a stream, then lowers the memory limit and wakes the blocked client. When Redis frees the blocked client, the attacker immediately overwrites the freed slot with a forged client structure via pipelined SET commands.
Stage 3 – Function‑Pointer Hijack
During updateClientMemoryUsage(), a crafted field in the forged client triggers an out‑of‑bounds decrement that lands in the Global Offset Table (GOT). The official Redis Docker image is linked with only partial RELRO, so the GOT stays writable after startup; the entry for strcasecmp() is redirected to system(), and the next Redis command the server parses is handed to a shell. ASLR and PIE do not help because the write is a relative decrement at a fixed offset rather than a write to a guessed absolute address.
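The partial‑RELRO claim is something a practitioner can verify on their own image before deciding how urgently to patch. The following added example (not code from the page, Redis or the Docker image) classifies an ELF64 little‑endian binary the way checksec does: a PT_GNU_RELRO segment without eager binding is "partial" and leaves the GOT writable, the same segment plus DT_BIND_NOW/DF_BIND_NOW/DF_1_NOW is "full", and no segment is "none". The constants are the standard ELF values; build_sample_elf constructs a minimal synthetic image (not a loadable program) so the classifier can be exercised offline, and relro_state_of_file is the function to point at a real redis-server binary.

```c
/* Added example: classify an ELF64 little-endian image's RELRO state the way
 * checksec does. Not Redis code; the constants are the standard ELF values and
 * the sample image builder is a constructed stand-in for a real binary. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PT_DYNAMIC   2u
#define PT_GNU_RELRO 0x6474e552u
#define DT_NULL      0
#define DT_BIND_NOW  24
#define DT_FLAGS     30
#define DT_FLAGS_1   0x6ffffffb
#define DF_BIND_NOW  0x8u
#define DF_1_NOW     0x1u

static uint64_t rd(const unsigned char *p, int n) {   /* little-endian read of n bytes */
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void wr(unsigned char *p, int n, uint64_t v) { /* little-endian write of n bytes */
    for (int i = 0; i < n; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* "none": no PT_GNU_RELRO segment; "partial": segment present but symbols bind
 * lazily, so the GOT stays writable; "full": segment present and BIND_NOW set. */
const char *relro_state(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0) return "not-elf";
    if (img[4] != 2 || img[5] != 1) return "unsupported";  /* only ELF64 little-endian handled */
    uint64_t phoff = rd(img + 0x20, 8);
    uint64_t phentsize = rd(img + 0x36, 2), phnum = rd(img + 0x38, 2);
    int have_relro = 0, bind_now = 0;
    uint64_t dyn_off = 0, dyn_size = 0;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off + 56 > len) return "truncated";
        uint32_t type = (uint32_t)rd(img + off, 4);
        if (type == PT_GNU_RELRO) have_relro = 1;
        if (type == PT_DYNAMIC) { dyn_off = rd(img + off + 8, 8); dyn_size = rd(img + off + 32, 8); }
    }
    if (!have_relro) return "none";
    /* Walk the dynamic section looking for any of the three ways BIND_NOW is expressed. */
    for (uint64_t off = dyn_off; off + 16 <= dyn_off + dyn_size && off + 16 <= len; off += 16) {
        int64_t tag = (int64_t)rd(img + off, 8);
        uint64_t val = rd(img + off + 8, 8);
        if (tag == DT_NULL) break;
        if (tag == DT_BIND_NOW) bind_now = 1;
        if (tag == DT_FLAGS && (val & DF_BIND_NOW)) bind_now = 1;
        if (tag == DT_FLAGS_1 && (val & DF_1_NOW)) bind_now = 1;
    }
    return bind_now ? "full" : "partial";
}

/* Constructed minimal ELF64 image (not a loadable binary): one PT_DYNAMIC header,
 * optionally a PT_GNU_RELRO header, and a dynamic section carrying DT_FLAGS. */
size_t build_sample_elf(unsigned char *buf, int with_relro, int with_bind_now) {
    const size_t dyn_off = 64 + 2 * 56;                   /* ELF header + two program headers */
    memset(buf, 0, dyn_off + 32);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 2; buf[5] = 1;                               /* ELFCLASS64, little-endian */
    wr(buf + 0x20, 8, 64); wr(buf + 0x36, 2, 56); wr(buf + 0x38, 2, with_relro ? 2 : 1);
    wr(buf + 64, 4, PT_DYNAMIC); wr(buf + 64 + 8, 8, dyn_off); wr(buf + 64 + 32, 8, 32);
    if (with_relro) wr(buf + 64 + 56, 4, PT_GNU_RELRO);
    wr(buf + dyn_off, 8, DT_FLAGS); wr(buf + dyn_off + 8, 8, with_bind_now ? DF_BIND_NOW : 0);
    wr(buf + dyn_off + 16, 8, DT_NULL);
    return dyn_off + 32;
}

/* Classify a binary on disk, e.g. the redis-server executable inside the container. */
const char *relro_state_of_file(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return "unreadable";
    fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
    unsigned char *buf = sz > 0 ? malloc((size_t)sz) : NULL;
    size_t got = buf ? fread(buf, 1, (size_t)sz, f) : 0;
    fclose(f);
    const char *state = buf ? relro_state(buf, got) : "unreadable";
    free(buf);
    return state;
}

int main(int argc, char **argv) {
    unsigned char img[256];
    size_t n = build_sample_elf(img, 1, 0);
    printf("constructed sample: %s RELRO\n", relro_state(img, n));
    if (argc > 1) printf("%s: %s RELRO\n", argv[1], relro_state_of_file(argv[1]));
    return 0;
}
```

Run it as ./relro /usr/local/bin/redis-server inside the container (path is an assumption about where the image installs the binary). Anything other than "full" means the GOT hijack in Stage 3 has a writable target; rebuilding with -Wl,-z,relro,-z,now produces a full‑RELRO binary, and readelf -d on the file showing BIND_NOW or FLAGS_1 NOW is the quick manual confirmation.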
Impact Scope and Fixes
The following branches are affected and were patched on 5 May 2026:
Redis 7.2.x: 7.2.0 through 7.2.13 affected, fixed in 7.2.14
Redis 7.4.x: 7.4.0 through 7.4.8 affected, fixed in 7.4.9
Redis 8.2.x: 8.2.0 through 8.2.5 affected, fixed in 8.2.6
Redis 8.4.x: 8.4.0 through 8.4.2 affected, fixed in 8.4.3
Redis 8.6.x: 8.6.0 through 8.6.2 affected, fixed in 8.6.3
The same release batch also disclosed four additional RCE‑level Redis vulnerabilities (CVE‑2026‑25243, CVE‑2026‑25588, CVE‑2026‑25589, CVE‑2026‑23631).
Immediate Actions
Upgrade to the patched versions listed above.
Take Internet‑exposed Redis instances off the public network; where exposure is unavoidable, require authentication and TLS rather than leaving the port open.
Tighten ACLs: ensure no single role holds @admin, CONFIG, and @scripting simultaneously.
If Lua scripting is unused, disable the @scripting permission to block Stage 1.
Prioritize instances that are publicly reachable, share application credentials, or have combined CONFIG/script/stream access.
Rotate all shared Redis credentials.
Why AI Succeeded
Traditional static analysis tools and manual code reviews missed the flaw because they focus on known patterns or isolated syntax errors. The Use‑After‑Free condition spans two independent commits and can only be seen by following the client pointer across the call boundary. Xint Code performed autonomous data‑flow analysis and recognized that two individually harmless commits together created a logic vulnerability, a capability beyond conventional scanners.
Industry Implications
Logic Vulnerabilities Become AI Targets
Logic bugs have long been considered hard to automate. AI’s ability to reason about complex codebases is changing that perception.
Cloud Deployments Amplify Risk
Analysts at Wiz note that Redis is widely deployed in cloud environments, often without passwords and with default users that possess all required permissions, making the pre‑conditions for exploitation almost trivial.
Code Review Blind Spots
Each pull request was deemed safe in isolation, yet their combination introduced an exploitable flaw. This reveals a structural deficiency in traditional review processes, which rarely assess cross‑PR interactions.
Security Recommendations
Upgrade all Redis instances to the patched versions.
Isolate Redis behind firewalls and TLS; avoid direct Internet exposure.
Apply the principle of least privilege: split the default user’s rights so no single role holds admin, scripting, and stream permissions together.
Disable unused features such as Lua scripting when not needed.
Rotate all shared Redis credentials regularly.
Integrate AI‑assisted vulnerability scanning into CI/CD pipelines and security reviews.
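The ACL advice under Immediate Actions and in the recommendations above (no single role holding @admin, @scripting and @stream together) is easy to state and easy to get wrong in an environment with dozens of users. The following added example, not Redis code or anything from the page, is a screening check over the lines that ACL LIST prints: it applies the category tokens left to right the way Redis evaluates rules and flags any enabled user that ends up with all three categories. It is deliberately narrow: it interprets only +@cat/-@cat, +@all/-@all, allcommands/nocommands and on/off, ignores per‑command tokens, key patterns (~) and channel patterns (&), and knows nothing about commands that belong to several categories, so treat a "FLAG" as a lead to confirm with ACL GETUSER, not as a verdict. The sample lines are constructed and the #<sha256> hashes are placeholders.

```c
/* Added example: evaluate the category tokens of ACL LIST output lines and flag
 * users that hold @admin, @scripting and @stream together. Not Redis code; it only
 * interprets +@cat/-@cat, +@all/-@all, allcommands/nocommands and on/off, and
 * ignores per-command tokens, key patterns (~) and channel patterns (&). */
#include <stdio.h>
#include <string.h>

enum { CAT_ADMIN = 1, CAT_SCRIPTING = 2, CAT_STREAM = 4, CAT_CHAIN = 7 };

static unsigned category_bit(const char *name) {
    if (strcmp(name, "admin") == 0)     return CAT_ADMIN;
    if (strcmp(name, "scripting") == 0) return CAT_SCRIPTING;
    if (strcmp(name, "stream") == 0)    return CAT_STREAM;
    return 0;                            /* other categories are irrelevant to this chain */
}

/* Bitmask of the three categories the user ends up with once the rule list is
 * applied left to right; a disabled (off) user yields 0 because it cannot log in. */
unsigned acl_chain_categories(const char *acl_line) {
    char buf[1024];
    strncpy(buf, acl_line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    unsigned granted = 0;
    int enabled = 0;
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        if (strcmp(tok, "on") == 0)  { enabled = 1; continue; }
        if (strcmp(tok, "off") == 0) { enabled = 0; continue; }
        if (strcmp(tok, "allcommands") == 0 || strcmp(tok, "+@all") == 0) { granted = CAT_CHAIN; continue; }
        if (strcmp(tok, "nocommands") == 0  || strcmp(tok, "-@all") == 0) { granted = 0; continue; }
        if ((tok[0] == '+' || tok[0] == '-') && tok[1] == '@') {
            unsigned bit = category_bit(tok + 2);
            if (tok[0] == '+') granted |= bit; else granted &= ~bit;
        }
    }
    return enabled ? granted : 0;
}

/* 1 when a single enabled user can run every stage of the chain described above. */
int acl_user_has_full_chain(const char *acl_line) {
    return (acl_chain_categories(acl_line) & CAT_CHAIN) == CAT_CHAIN;
}

int main(void) {
    /* Constructed sample lines in ACL LIST format; the #<sha256> hashes are placeholders. */
    const char *samples[] = {
        "user default on nopass sanitize-payload ~* &* +@all",
        "user app on #<sha256> ~app:* &* -@all +@read +@write +@stream",
        "user ops on #<sha256> ~* &* +@all -@scripting",
        "user legacy off nopass ~* &* +@all",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-5s %s\n", acl_user_has_full_chain(samples[i]) ? "FLAG" : "ok", samples[i]);
    return 0;
}
```

In the constructed set only the stock default user is flagged: the application user was built up from -@all and never received @admin or @scripting, the operations user keeps @admin and @stream but lost @scripting, and the legacy user is switched off. Splitting rights that way is the least‑privilege shape the recommendations call for, and rerunning the check after every ACL change keeps the split from eroding.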
References
The Hacker News: “Autonomous AI Tool Finds 2‑Year‑Old RCE Flaw in Redis (CVE‑2026‑23479)”. https://thehackernews.com/2026/06/autonomous-ai-tool-finds-2-year-old-rce.html
Qualysec: “Autonomous AI Tool Uncovers Redis RCE Flaw (CVE‑2026‑23479)”. https://qualysec.com/cybersecurity-news/autonomous-ai-tool-finds-2-year-old-rce/
ZeroDay.Cloud Technical Report: “Redis CVE‑2026‑23479 Deep Dive”. https://www.zeroday.cloud/blog/redis-cve-2026-23479-deep-dive
Redis Official Security Advisory. https://redis.io/blog/security-advisory-cve202623479-cve202625243-cve-2026-25588-cve-202625589-cve-2026-23631/
NVD Vulnerability Details. https://nvd.nist.gov/vuln/detail/CVE-2026-23479
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.