{"id":"CVE-2026-25589","summary":"RedisBloom RESTORE invalid memory access may allow remote code execution","details":"RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisBloom module loaded can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This issue is fixed in version 2.8.20.","aliases":["BIT-keydb-2026-25589","BIT-redis-2026-25589","GHSA-7862-34pw-44wv"],"modified":"2026-07-15T22:57:30.902134Z","published":"2026-05-05T16:50:35.545Z","related":["CGA-xp4g-hh5v-wg39","openSUSE-SU-2026:10711-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-122"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25589.json"},"references":[{"type":"WEB","url":"https://github.com/RedisBloom/RedisBloom/releases/tag/v2.8.20"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25589.json"},{"type":"ADVISORY","url":"https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-7862-34pw-44wv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25589"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redisbloom/redisbloom","events":[{"introduced":"0"},{"fixed":"7aa71f3aed2e7d86b9e39601edf85aa621144258"}],"database_specific":{"cpe":"cpe:2.3:a:redisbloom:redisbloom:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.8.20"}],"source":["AFFECTED_FIELD","CPE_RANGE","REFERENCES"]}}],"versions":["v2.8.17","v2.8.16","v2.8.11","v2.8.10","v2.8.7","v2.8.6","v2.8.5","v2.8.4","v2.8.2","v2.8.1","v2.8.0","v2.2.15","v1.0.3","v1.1.1","v2.0.3","v2.0.2","v2.0.1","v2.0.0","v1.99.2","v1.99.0","v1.1.0","v1.0.2","v1.0.1","v1.0.0"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"190033199571822192811852476772591499083","length":303},"id":"CVE-2026-25589-00450983","signature_type":"Function","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"function":"bloom_validate_integrity","file":"deps/bloom/bloom.c"},"deprecated":false},{"signature_type":"Function","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"file":"src/rm_topk.c","function":"TopKRdbLoad"},"deprecated":false,"digest":{"function_hash":"314656162387601471983185512077731945730","length":1091},"id":"CVE-2026-25589-1c74d4cf"},{"digest":{"function_hash":"173614055414527864202728867430187964627","length":1407},"id":"CVE-2026-25589-30ed71ad","signature_type":"Function","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"function":"BFRdbLoad","file":"src/rebloom.c"},"deprecated":false},{"signature_type":"Line","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"file":"src/rm_topk.c"},"deprecated":false,"digest":{"line_hashes":["176937697900117869843715395238314902503","281863561434176182870040821963932259639","85693880767897671768638090806818053754","239578733413317246596531304415494105645","311633727902594047607962681050638246408","270348704655263724061894724310991733082","243003668030588754374938847895953146123","278609602492418172141367131819486319433","20458385005186759127599559756662496318","195717959336223802810319132375739826748","69075852098607868170790623159883558147","254163239727585354922281584928107568302","101029253356132306290871441398661867063","276245708294252468880052669971127494822"],"threshold":0.9},"id":"CVE-2026-25589-50436d23"},{"signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"file":"src/rebloom.c","function":"CFRdbLoad"},"deprecated":false,"digest":{"length":1532,"function_hash":"223530382244079244905041055342807674082"},"id":"CVE-2026-25589-6a4088d3","signature_type":"Function"},{"deprecated":false,"digest":{"function_hash":"125651629675959477240790569625638194054","length":497},"id":"CVE-2026-25589-6c639dae","signature_type":"Function","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"file":"src/rm_cms.c","function":"CMSRdbLoad"}},{"target":{"file":"deps/bloom/bloom.c"},"deprecated":false,"digest":{"line_hashes":["128660825712375208709017645689840831410","105273354014365898641277172430761292954","218241749879155963196996198740217875652","247099069310598039611736160188835799986","224321526910583892059049840004971587344","278747941733769591649655996170750671696","116748975856217070561537633951791935159","110198337001465839157440848218406656874","89139137503643979739241486702079678217","95297021399068250642466072591681625743","232334382586157866892711157032516440840","294686956021835771836081032711448584274"],"threshold":0.9},"id":"CVE-2026-25589-7a1c2537","signature_type":"Line","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258"},{"deprecated":false,"digest":{"line_hashes":["52748390118848728895903804132060843238","255127923044160926741737174338773892822","81644780528184914603879680775395600147","216347188126507376384019466753398216344","76007666299853693322029827754013926197","148253124812409412701808651942611122553","332111093495405273028873188534800340462","62815517668640440471316027361722081897","39201917812076562480146648265594373733","194285213263983487783456481981353433801","67325953739970890135661276388843875775","107692083859745397549670313229054131660"],"threshold":0.9},"id":"CVE-2026-25589-7d460f5c","signature_type":"Line","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"file":"src/rebloom.c"}},{"target":{"file":"src/rm_tdigest.c"},"deprecated":false,"digest":{"line_hashes":["10065263032729503262055990074974723405","73644310425968903156228548121024822242","127219723596616659003449333269923679574"],"threshold":0.9},"id":"CVE-2026-25589-8b87e311","signature_type":"Line","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258"},{"digest":{"function_hash":"292731040376691661727286932150521225035","length":893},"id":"CVE-2026-25589-93a86295","signature_type":"Function","signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"file":"src/rm_tdigest.c","function":"TDigestRdbLoad"},"deprecated":false},{"signature_version":"v1","source":"https://github.com/redisbloom/redisbloom/commit/7aa71f3aed2e7d86b9e39601edf85aa621144258","target":{"file":"src/rm_cms.c"},"deprecated":false,"digest":{"line_hashes":["52875295195178156440941762145596867956","52547126659314459027707176083186683340","186994724788201235425224511961377207927","323338179169988838869612778420414092245","312514710730899689926613718881365392645"],"threshold":0.9},"id":"CVE-2026-25589-bde9672b","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25589.json","vanir_signatures_modified":"2026-07-15T22:57:30Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}