Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Valkey Update: Fixes Security Risks and Performance Issues
SUSE-SU-2026:0848-1
Summary
Valkey has released an update to version 8.0.7, which addresses two security risks and several performance issues. These fixes prevent data tampering and denial of service attacks, and also correct problems that could cause the server to crash or fail to respond. It's recommended to update to the latest version to ensure the stability and security of your system.
What to do
- Update valkey to version 8.0.7-150700.3.14.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | valkey | <= 8.0.7-150700.3.14.1 | 8.0.7-150700.3.14.1 |
Original title
Security update for valkey
Original description
This update for valkey fixes the following issues:
Update to version 8.0.7.
Security issues fixed:
- CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts
(bsc#1258746).
- CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788).
Other updates and bugfixes:
- ltrim should not call signalModifiedKey when no elements are removed (#2787)
- chained replica crash when doing dual channel replication (#2983)
- used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005)
- avoids crash during MODULE UNLOAD when ACL rules reference a module command and
subcommand (#3160)
- server assert on ACL LOAD and resetchannels (#3182)
- bug causing no response flush sometimes when IO threads are busy (#3205)
Update to version 8.0.7.
Security issues fixed:
- CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts
(bsc#1258746).
- CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788).
Other updates and bugfixes:
- ltrim should not call signalModifiedKey when no elements are removed (#2787)
- chained replica crash when doing dual channel replication (#2983)
- used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005)
- avoids crash during MODULE UNLOAD when ACL rules reference a module command and
subcommand (#3160)
- server assert on ACL LOAD and resetchannels (#3182)
- bug causing no response flush sometimes when IO threads are busy (#3205)
- https://www.suse.com/support/update/announcement/2026/suse-su-20260848-1/ Vendor Advisory
- https://bugzilla.suse.com/1258746 Third Party Advisory
- https://bugzilla.suse.com/1258788 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-67733 URL
- https://www.suse.com/security/cve/CVE-2026-21863 URL
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026