VYPR
Unrated severityNVD Advisory· Published Feb 24, 2026· Updated Feb 26, 2026

Remote DoS from malformed RESTORE command

CVE-2026-21864

Description

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown. Valkey modules are required to handle errors in RDB parsing by using VALKEYMODULE_OPTIONS_HANDLE_IO_ERRORS flag. If this flag is not set, errors encountered during parsing result in a system assertion which shuts down the system. Even though the Valkey-bloom module correctly handled the parsing, it did not originally set the flag. Commit a68614b6e3845777d383b3a513cedcc08b3b7ccd contains a patch. One may mitigate this defect by disabling the RESTORE command if it is unused by one's application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Valkey Io/Valkey Bloomllm-fuzzy2 versions
    < commit a68614b6e3845777d383b3a513cedcc08b3b7ccd+ 1 more
    • (no CPE)range: < commit a68614b6e3845777d383b3a513cedcc08b3b7ccd
    • (no CPE)range: < a68614b6e3845777d383b3a513cedcc08b3b7ccd

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.