CVE Daily
← All tags

Tag: Valkey

All CVEs associated with "Valkey". Page 1/1 • 6 CVEs.

About “Valkey”

A curated feed of “Valkey”-related CVEs appears below. We currently track 6 CVEs for this tag (all time). In the last 365 days, 4 were published. Average CVSS is 6.4 (all time; 7.5 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read, CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').

In our taxonomy this topic maps to a LOW impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: valkey

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
9.19.1.0Unavailable-
9.09.0.4
8.18.1.8
8.08.0.9
7.27.2.13

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  ICS

Subscribe CVEs: RSS for “Valkey”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-02-24
Medium

CVE-2026-21864

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a s…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2026-02-23
High

CVE-2026-27623

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assert…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-21863

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for…

CVSS: 8.5 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-06-02
Low

CVE-2025-49112

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

CVSS: 3.1 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2025-05-01
Medium

CVE-2025-23145

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox