CVE-2026-25589 Overview
CVE-2026-25589 is a heap-based memory corruption vulnerability [CWE-122] in RedisBloom, a probabilistic data structures module for Redis. All RedisBloom versions before 2.8.20 fail to validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE against a Redis server loaded with the RedisBloom module can submit a crafted serialized payload. The malformed payload triggers invalid memory access and may lead to remote code execution. The issue is fixed in RedisBloom version 2.8.20.
Critical Impact
Authenticated attackers with RESTORE permission can corrupt heap memory and potentially execute arbitrary code in the Redis process context.
Affected Products
- RedisBloom module versions prior to 2.8.20
- Redis deployments loading the RedisBloom module with default ACL permissions (the built-in default user is created with +@all, which includes RESTORE)
- Managed and self-hosted Redis instances exposing probabilistic data structure types (Bloom filter, Cuckoo filter, Count-Min Sketch, Top-K, t-digest)
Discovery Timeline
- 2026-05-05 - CVE-2026-25589 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-25589
Vulnerability Analysis
The Redis RESTORE command reconstructs a key from a serialized binary blob produced by DUMP. When the serialized value belongs to a type registered by the RedisBloom module, the module's load callback parses the supplied buffer to reconstruct internal data structures such as filter arrays, hash counters, and sketch metadata. RedisBloom versions before 2.8.20 do not perform sufficient bounds checking or structural validation on the deserialized fields. An attacker whose ACL permits RESTORE can craft a serialized payload that declares oversized or inconsistent length fields. During reconstruction, the module performs heap operations using attacker-controlled sizes, producing out-of-bounds writes on the heap.
Root Cause
The root cause is missing validation of length and offset fields inside RedisBloom's RESTORE deserialization handlers. The module trusts type metadata in the input buffer and allocates or copies memory based on those values without cross-checking against the buffer length. This produces a classic [CWE-122] heap buffer overflow when the deserializer writes past allocated heap chunks.
Attack Vector
Exploitation requires network access to the Redis endpoint and an authenticated session whose ACL permits the RESTORE command (or RESTORE-ASKING, the cluster-migration variant, which is served by the same handler and accepts the same payload format). The attacker calls RESTORE with a key name, TTL, and a malicious serialized RedisBloom payload. The deserializer processes the payload synchronously on the Redis main thread, the thread that serves every other client, corrupting heap structures. Adjacent heap metadata or function pointers may be overwritten, enabling remote code execution in the security context of the redis-server process. The attack does not require user interaction.
No public proof-of-concept exploit has been released. Refer to the GitHub Security Advisory GHSA-7862-34pw-44wv for technical details.
Detection Methods for CVE-2026-25589
Indicators of Compromise
- Unexpected redis-server crashes with SIGSEGV or jemalloc corruption messages in logs after a RESTORE operation
- RESTORE commands originating from low-privileged or service accounts that historically only issue GET/SET traffic
- New Bloom filter, Cuckoo filter, or Count-Min Sketch keys appearing immediately before a Redis process restart
- Outbound connections from the Redis host to unfamiliar IP addresses following module activity
Detection Strategies
- Capture every RESTORE invocation together with its source client. MONITOR streams all commands but costs throughput, so run it briefly or against a replica; the slow log only records commands slower than slowlog-log-slower-than (default 10000 microseconds), so lower that threshold (CONFIG SET slowlog-log-slower-than 0 logs everything) or capture the traffic at a proxy in front of Redis
- Alert on RESTORE calls whose payload carries a RedisBloom type: MBbloom--, MBbloomCF, CMSk-type, topk-type, or TDIS-TYPE. The type is not visible in the command arguments themselves, so either decode the module type id at the start of the serialized blob or run TYPE on the key after the restore
- Correlate Redis process restarts with preceding RESTORE traffic in the same connection
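The detection strategy above depends on knowing which type a RESTORE payload carries before Redis executes it. The following inspector is an added example written for this page; it is not Redis or RedisBloom project code. It uses the documented Redis DUMP format (one RDB object-type byte, the serialized value, a 2-byte little-endian RDB version, an 8-byte little-endian CRC64) and the way Redis packs a module type id (9-character name at 6 bits per character plus a 10-bit encoding version). The sample payload and the case-insensitive match against the type names listed in this advisory are constructed assumptions. Every length it reads is checked against the remaining buffer, which is exactly the cross-check the root-cause section says the vulnerable deserializer lacked.

```python
"""Inspect a Redis DUMP/RESTORE payload and report whether it carries a
module-provided type such as the RedisBloom structures.

Added example for this advisory; not Redis or RedisBloom project code.
The inspector does not recompute the CRC64: with default configuration
Redis verifies the footer before the module's load callback runs.
"""
import struct

RDB_TYPE_MODULE_2 = 7
MODULE_NAME_CHARSET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                       "abcdefghijklmnopqrstuvwxyz0123456789-_")
# Type names as listed in this advisory, compared case-insensitively because
# Redis type names are case-sensitive and the advisory's spelling may differ.
REDISBLOOM_TYPES = {"mbbloom--", "mbbloomcf", "cmsk-type", "topk-type", "tdis-type"}


def encode_module_type_id(name: str, encver: int) -> int:
    """Pack a 9-char type name and encoding version the way Redis does."""
    if len(name) != 9 or not 0 <= encver <= 1023:
        raise ValueError("name must be 9 chars and encver 0..1023")
    type_id = 0
    for ch in name:
        type_id = (type_id << 6) | MODULE_NAME_CHARSET.index(ch)
    return (type_id << 10) | encver


def decode_module_type_id(type_id: int) -> tuple:
    """Inverse of encode_module_type_id: returns (name, encver)."""
    name = "".join(MODULE_NAME_CHARSET[(type_id >> (58 - 6 * i)) & 63] for i in range(9))
    return name, type_id & 1023


def _need(buf: bytes, pos: int, n: int) -> None:
    """Refuse to read past the buffer: the check the advisory says was missing."""
    if pos + n > len(buf):
        raise ValueError(f"field of {n} bytes at offset {pos} overruns a {len(buf)}-byte buffer")


def read_rdb_len(buf: bytes, pos: int) -> tuple:
    """Decode one RDB length prefix at pos; returns (value, next_pos)."""
    _need(buf, pos, 1)
    first = buf[pos]
    if first >> 6 == 0:                      # 00xxxxxx: 6-bit length
        return first & 0x3F, pos + 1
    if first >> 6 == 1:                      # 01xxxxxx xxxxxxxx: 14-bit length
        _need(buf, pos, 2)
        return ((first & 0x3F) << 8) | buf[pos + 1], pos + 2
    if first == 0x80:                        # 32-bit big-endian length follows
        _need(buf, pos, 5)
        return struct.unpack_from(">I", buf, pos + 1)[0], pos + 5
    if first == 0x81:                        # 64-bit big-endian length follows
        _need(buf, pos, 9)
        return struct.unpack_from(">Q", buf, pos + 1)[0], pos + 9
    raise ValueError(f"byte 0x{first:02x} is a special encoding, not a plain length")


def inspect_dump_payload(payload: bytes) -> dict:
    """Split a payload into type byte, body and footer; decode a module type id if present."""
    if len(payload) < 1 + 2 + 8:
        raise ValueError("payload shorter than type byte plus version/CRC64 footer")
    rdb_type = payload[0]
    body = payload[1:-10]
    rdb_version, = struct.unpack("<H", payload[-10:-8])
    crc64, = struct.unpack("<Q", payload[-8:])
    info = {"rdb_type": rdb_type, "rdb_version": rdb_version, "crc64": crc64,
            "module_type": None, "encver": None, "redisbloom": False}
    if rdb_type == RDB_TYPE_MODULE_2:
        type_id, _ = read_rdb_len(body, 0)
        name, encver = decode_module_type_id(type_id)
        info.update(module_type=name, encver=encver,
                    redisbloom=name.lower() in REDISBLOOM_TYPES)
    return info


def is_well_formed(payload: bytes) -> bool:
    """True if header and footer parse; False (instead of raising) for a truncated payload."""
    try:
        inspect_dump_payload(payload)
        return True
    except ValueError:
        return False


def build_sample_payload(name: str, encver: int, module_data: bytes) -> bytes:
    """Constructed sample: a module-type payload with placeholder module data,
    the module EOF opcode, RDB version 11 and a zero CRC (Redis itself would
    reject the CRC; the inspector does not check it)."""
    type_id = encode_module_type_id(name, encver)
    return (bytes([RDB_TYPE_MODULE_2, 0x81]) + type_id.to_bytes(8, "big")
            + module_data + b"\x00" + struct.pack("<H", 11) + struct.pack("<Q", 0))


if __name__ == "__main__":
    sample = build_sample_payload("MBbloom--", 3, b"\x01\x02\x03")
    print(inspect_dump_payload(sample))
```

Feed it the raw payload argument captured from MONITOR output or at a proxy; a result with redisbloom set to True on a RESTORE from a client that is not migration or backup tooling is the alert condition described above.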
Monitoring Recommendations
- Forward Redis logs and command telemetry into a centralized analytics platform such as Singularity Data Lake for cross-source correlation with endpoint and network events
- Apply behavioral AI detection on the Redis host through Singularity Endpoint to identify anomalous child processes or shellcode execution spawned from redis-server
- Monitor ACL configuration changes that grant +restore, +restore-asking, or a category containing them (+@write, +@keyspace, +@slow, +@dangerous, +@all) to non-administrative users
How to Mitigate CVE-2026-25589
Immediate Actions Required
- Upgrade the RedisBloom module to version 2.8.20 or later on every Redis instance that loads it
- Audit Redis ACLs and remove +restore (and +restore-asking) from any user that does not require it. Replicas do not need it, since replication uses PSYNC rather than RESTORE; cluster slot migration does (MIGRATE issues RESTORE-ASKING on the target node), as does backup tooling that replays DUMP output
- Restrict network access to Redis endpoints using firewall rules or service mesh policies, allowing only trusted application clients
- Review recent RESTORE activity in slow logs and audit trails for any payloads targeting RedisBloom key types
Patch Information
The vendor fix is published in RedisBloom Release v2.8.20. The release adds validation of serialized field lengths and structural consistency before allocating or writing to heap buffers in the RESTORE deserialization paths. Operators using container images should rebuild against the patched module, and managed Redis service customers should confirm the patched module version with their provider.
Workarounds
- Revoke RESTORE from every user that does not need it, the default user included, with ACL SETUSER <user> -restore -restore-asking; RESTORE-ASKING is the cluster-migration variant, accepts the same payload format, and stays reachable through +@write or +@all if only -restore is applied
- Create a dedicated account for slot-migration and backup tooling that keeps +restore, and restrict at the network layer which source addresses may reach Redis with it, since ACL rules cannot bind a user to client IPs
- Where probabilistic data structures are not in use, stop loading RedisBloom until patching is complete: MODULE UNLOAD is refused for modules that export data types, so remove the loadmodule directive and restart, after confirming no RedisBloom keys exist (an RDB that contains them cannot be loaded without the module)
# Restrict RESTORE via Redis ACL until the patch is deployed
# (RESTORE-ASKING is the cluster-migration variant and accepts the same payload format)
redis-cli ACL SETUSER default -restore -restore-asking
# Quote the rules: an unquoted >password is a shell redirection and ~* is a shell glob
redis-cli ACL SETUSER appuser on '>STRONG_PASSWORD' '~*' '+@read' '+@write' '-restore' '-restore-asking' '-@dangerous'
# ACL SAVE needs an aclfile configured; with ACLs in redis.conf use CONFIG REWRITE instead
redis-cli ACL SAVE
# Verify the RedisBloom module version. MODULE LIST reports "ver" as an integer,
# major*10000 + minor*100 + patch, so 2.8.20 or later shows 20820 or higher
redis-cli MODULE LIST | grep -A2 '^bf$'
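The ACL audit called for in the immediate actions and the workarounds above has to account for the fact that RESTORE is granted by categories as well as by name. The following script is an added example for this page, not Redis project code. It evaluates the command rules in each ACL LIST line left to right, last match wins, as Redis does, against the categories RESTORE belongs to (@keyspace, @write, @slow, @dangerous), and tracks RESTORE-ASKING alongside it. Assumptions: Redis 7 selectors in parentheses are skipped and only flagged, because they need full key-pattern evaluation, and the ACL LIST lines are constructed samples with shortened password hashes.

```python
"""Audit Redis `ACL LIST` output for users permitted to run RESTORE.

Added example for this advisory; not Redis project code.  Rules are
applied left to right and the last matching rule wins, as in Redis.
Selector groups "( ... )" are skipped and reported, not evaluated.
"""

RESTORE_CATEGORIES = {"keyspace", "write", "slow", "dangerous"}
RESTORE_COMMANDS = ("restore", "restore-asking")

# Constructed sample output of `redis-cli ACL LIST` (password hashes shortened).
SAMPLE_ACL_LIST = [
    "user default on nopass ~* &* +@all",
    "user appuser on #" + "a1" * 32 + " ~* &* -@all +@read +@write -restore -@dangerous",
    "user reporting on #" + "b2" * 32 + " ~* &* -@all +@read",
    "user migrator on #" + "c3" * 32 + " ~* &* -@all +restore-asking +migrate",
    "user legacy off nopass ~* &* +@all",
    "user svc on #" + "d4" * 32 + " ~cache:* &* -@all +@write (~session:* +@read)",
]


def evaluate_user(acl_line: str) -> dict:
    """Evaluate one ACL LIST line; report which RESTORE variants the user may call."""
    tokens = acl_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError(f"not an ACL LIST line: {acl_line!r}")
    allowed = dict.fromkeys(RESTORE_COMMANDS, False)
    has_selectors = in_selector = False
    for tok in tokens[2:]:
        # Selector groups carry their own rules; skip them and flag the user for review.
        if tok.startswith("("):
            has_selectors = in_selector = True
        if in_selector:
            if tok.endswith(")"):
                in_selector = False
            continue
        if tok in ("allcommands", "+@all"):
            allowed = dict.fromkeys(RESTORE_COMMANDS, True)
        elif tok in ("nocommands", "-@all"):
            allowed = dict.fromkeys(RESTORE_COMMANDS, False)
        elif tok[:2] in ("+@", "-@"):
            # A category rule covers both variants because they share every category.
            if tok[2:].lower() in RESTORE_CATEGORIES:
                allowed = dict.fromkeys(RESTORE_COMMANDS, tok[0] == "+")
        elif tok[:1] in ("+", "-"):
            # Command rule; "+cmd|sub" forms name the parent command first.
            cmd = tok[1:].lower().split("|", 1)[0]
            if cmd in allowed:
                allowed[cmd] = tok[0] == "+"
    return {"user": tokens[1], "enabled": "on" in tokens[2:],
            "selectors": has_selectors, **allowed}


def audit_acl_list(lines) -> list:
    """Findings for every user who can run RESTORE or RESTORE-ASKING, disabled users included."""
    return [f for f in (evaluate_user(line) for line in lines)
            if f["restore"] or f["restore-asking"]]


def remediation(finding: dict) -> str:
    """ACL SETUSER command that revokes both variants for the user in a finding."""
    return f"ACL SETUSER {finding['user']} -restore -restore-asking"


if __name__ == "__main__":
    for f in audit_acl_list(SAMPLE_ACL_LIST):
        state = "enabled" if f["enabled"] else "disabled"
        note = " (has selectors, review separately)" if f["selectors"] else ""
        print(f"{f['user']:<10} {state:<8} restore={f['restore']} "
              f"restore-asking={f['restore-asking']}{note}")
        print("   fix:", remediation(f))
```

Pipe real output in with `redis-cli ACL LIST` and review each finding before applying the generated command; the migration account in the sample is the kind of user that should keep its permission, while a disabled user such as legacy should still be cleaned up so that re-enabling it does not silently restore the grant.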
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


