UBUNTU-CVE-2026-27623

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-27623

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27623.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-27623

Upstream

CVE-2026-27623

Published

2026-02-23T20:28:00Z

Modified

2026-02-27T09:59:13Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking state after processing an empty request. A malicious actor can then send a request that the server incorrectly identifies as breaking server side invariants, which results in the server shutting down. Version 9.0.3 fixes the issue. As an additional mitigation, properly isolate Valkey deployments so that only trusted users have access.

References

Affected packages

Ubuntu:24.04:LTS / valkey

Package

Name: valkey
Purl: pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.2.5+dfsg1-2ubuntu4~24.04.1

7.2.7+dfsg1-0ubuntu0.24.04.1

7.2.8+dfsg1-0ubuntu0.24.04.1

7.2.8+dfsg1-0ubuntu0.24.04.2

7.2.8+dfsg1-0ubuntu0.24.04.3

7.2.10+dfsg1-0ubuntu0.1

7.2.11+dfsg1-0ubuntu0.1

7.2.11+dfsg1-0ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2",
            "binary_name": "valkey-redis-compat"
        },
        {
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2",
            "binary_name": "valkey-sentinel"
        },
        {
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2",
            "binary_name": "valkey-server"
        },
        {
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2",
            "binary_name": "valkey-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27623.json"

Ubuntu:25.10 / valkey

Package

Name: valkey
Purl: pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.2+dfsg1-1ubuntu1

8.1.1+dfsg1-2ubuntu1

8.1.3+dfsg1-0ubuntu1

8.1.3+dfsg1-0ubuntu2

8.1.4+dfsg1-0ubuntu0.1

8.1.4+dfsg1-0ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "8.1.4+dfsg1-0ubuntu0.2",
            "binary_name": "valkey-sentinel"
        },
        {
            "binary_version": "8.1.4+dfsg1-0ubuntu0.2",
            "binary_name": "valkey-server"
        },
        {
            "binary_version": "8.1.4+dfsg1-0ubuntu0.2",
            "binary_name": "valkey-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27623.json"