PatchSiren

valkey-io CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH valkey-io CVE published 2026-02-23

CVE-2026-27623

CVE-2026-27623 is a HIGH severity vulnerability in Valkey, a distributed key-value database. A malicious actor with network access can cause the system to abort by triggering an assertion. The issue arises from the system's improper handling of empty requests, allowing an attacker to send a request that the server incorrectly identifies as breaking server-side invariants, resulting in the server shutting [truncated]

HIGH valkey-io CVE published 2026-02-23

CVE-2025-67733

CVE-2025-67733 is a high-severity vulnerability in the Valkey distributed key-value database. Malicious users can inject arbitrary information into the response stream for a given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for Lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the [truncated]