Trust Center

Title: CVE‑2026‑23479 (High), CVE‑2026‑25243 (High), CVE-2026-25588 (High), CVE‑2026‑25589 (High), CVE-2026-23631 (Medium)

As part of an ongoing effort by the Redis Community and Redis to maintain Redis safety, security, and compliance posture, five security vulnerabilities in Redis have been proactively identified and remediated.

The vulnerabilities are: CVE‑2026‑23479 (High), CVE‑2026‑25243 (High), CVE-2026-25588 (High), CVE‑2026‑25589 (High), CVE-2026-23631 (Medium)

For additional information, please refer to: https://redis.io/blog/security-advisory-cve202623479-cve202625243-cve-2026-25588-cve202625589-cve-2026-23631

If you’re a Redis Cloud customer, your Redis instance is protected against these vulnerabilities, as we’ve already upgraded our Redis Cloud service with the fixes.

We encourage all Redis Software, Redis Community Edition, Redis OSS, and Redis Stack customers to upgrade to a release that includes the fix per the cadence required by their security best practices in light of the CVE severity.

We thank the security research community for helping us keep Redis secure!

As part of an ongoing effort by the Redis Community and Redis to maintain Redis safety, security, and compliance posture, a security vulnerability in Redis has been identified and remediated.

CVE-2025-62507 (High)

Affected Versions:

• Redis Software v8.0.2
  -- Fixed version 8.0.2-17 and above
• Redis Kubernetes v8.0.2
  -- Fixed version 8.0.2-2 and above
• Redis OSS v8.2
  -- Fixed version 8.2.3 and above

Redis Cloud Essentials and Pro plans are not affected.

For additional information on the issue, please refer to the Redis Security Advisory. We thank the security research community for helping us keep Redis secure!

As part of an ongoing effort by the Redis Community and Redis to maintain Redis safety, security, and compliance posture, a security vulnerability in Redis has been identified and remediated in the versions indicated below.

CVE-2025-49844 (Critical)

For additional information, please refer to: https://redis.io/blog/security-advisory-cve-2025-49844/

We’ve already upgraded our Redis Cloud service with the fixes, so no additional action is required from you.

If you’re self-managing Redis, whether Software or Community versions, upgrade your Redis to the latest release. See our blog post for details.

We thank the security research community for helping us keep Redis secure!

Redis does not use the compromised application, Salesloft Drift. We confirmed with Salesforce that none of our data was involved in the breach and there was no impact to Redis and/or Redis data.

Every day, Redis remains dedicated to delivering effective and reliable solutions through our products and services. We also know trust must be earned, not simply asserted.

That’s why we’re excited to announce that Redis is among the first organizations globally to achieve ISO/IEC 42001 (Artificial Intelligence Management Systems (AIMS)) certification. This certificate validates that Redis provides a secure and compliant foundation for the responsible development and deployment of AI-powered applications.

We view this certification as more than a milestone; it is a testament to our dedication to upholding the highest standards in artificial intelligence management for all Redis customers.

All documentation related to Redis’ ISO/IEC 42001 certification—as well as additional materials addressing security, trust, and compliance—can be accessed through the Redis Customer Trust Center.