
Redis Patches Critical Use-After-Free Vulnerability Discovered by AI Tool
Redis patched a use-after-free vulnerability in its blocking-client code (CVE-2026-23479) that allowed authenticated users to execute arbitrary OS commands on the hosting machine. The flaw was discovered by an autonomous AI tool designed to identify bugs in large codebases. Introduced in Redis 7.2.0, the vulnerability persisted across all stable branches until fixes were released on May 5, remaining undetected for over two years. The issue specifically affected Redis instances where authenticated access was permitted. No additional attack vectors or exploitation details were provided in the report.