CVE Catalog

CVE-2026-46752

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

25th percentile — higher than 25% of all known CVEs

Summary

Vulnerability in the cjson library in Apache Kvrocks causing Lua HEAP overflow. Affects versions from 2.0.4 to 2.15.0.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access or system crashes. Organizations should be aware of the potential threats associated with this flaw.

Recommendation

It is recommended to upgrade to version 2.16.0, which fixes the issue. Keeping software up to date is crucial for security.

Original NVD description (English source)

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS