Dossier
blocking-client code
Coverage of blocking-client code in the Nexus archive.
- Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis patched a use-after-free vulnerability in its blocking-client code, allowing authenticated users to execute arbitrary OS commands. The flaw, tracked as CVE-2026-23479, was introduced in Redis 7.2.0 and remained undetected for over two years until fixed on May 5. An autonomous AI tool designed to hunt bugs in large codebases discovered the issue.