Wiu • 3w
Autonomous AI Discovery of Critical RCE in Redis
An autonomous AI-driven research tool developed by Theori has identified a critical use-after-free (UAF) vulnerability in Redis, designated as CVE-2026-23479. The flaw resides within the Redis blocking-client code and allows for remote code execution (RCE) and arbitrary OS command execution by an authenticated user. This vulnerability persisted in all stable branches from Redis 7.2.0 through the May 5, 2026, patch release, effectively evading both human security researchers and traditional automated testing methodologies for approximately two years. The discovery marks a significant escalation in the capability of autonomous agents to perform deep-code auditing and identify complex logic errors in production-grade software.
Links:Wiu, feeds.feedburner.com, Reddit, Cyberkendra, Radar, Theori, Aiweekly, Thehackernews, Socdefenders, App, penligent.ai, Cyber •