Browse all 4 CVE security advisories affecting valkey-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Valkey-io serves as an open-source in-memory data store alternative to Redis, handling caching, session management, and real-time data processing. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure default configurations. While no major security incidents have been widely documented, the project maintains a moderate CVE count with four recorded vulnerabilities to date. Security characteristics include regular updates and community-driven patching, though users should remain vigilant about default settings and input sanitization when implementing the solution in production environments.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27623 | Valkey has Pre-Authentication DOS from malformed RESP request | valkey | CWE-20 | 7.5 | High | 2026-02-23 |
| CVE-2026-21863 | Malformed Valkey Cluster bus message can lead to Remote DoS | valkey | CWE-125 | 7.5 | High | 2026-02-23 |
| CVE-2025-67733 | Valkey Affected by RESP Protocol Injection via Lua error_reply | valkey | CWE-74 | 8.5 | High | 2026-02-23 |
This page lists every published CVE security advisory associated with valkey-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.