Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Redis: Malicious Code Injection via Valkey Package
CLEANSTART-2026-BZ70876
Summary
The Redis open source database is affected by security vulnerabilities in its valkey package. This could allow an attacker to inject malicious code into the system, potentially leading to unauthorized access or data corruption. Update the Redis installation to the latest version to mitigate the risk.
What to do
- Update valkey to version 7.2.7-r0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | valkey | <= 7.2.7-r0 | 7.2.7-r0 |
Original title
Redis is an open source, in-memory database that persists on disk
Original description
Multiple security vulnerabilities affect the valkey package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
osv CVSS3.1
9.8
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advis... Vendor Advisory
- https://osv.dev/vulnerability/CVE-2024-31227 URL
- https://osv.dev/vulnerability/CVE-2024-31228 URL
- https://osv.dev/vulnerability/CVE-2024-31449 URL
- https://nvd.nist.gov/vuln/detail/CVE-2024-31227 URL
- https://nvd.nist.gov/vuln/detail/CVE-2024-31228 URL
- https://nvd.nist.gov/vuln/detail/CVE-2024-31449 URL
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026