CVE-2026-46752

critical Apache
CVSS v3 Base Score
10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Published: June 25, 2026 (14 days ago)
Last Modified: June 25, 2026
Vendor: Apache
Source: MITRE

Description

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.

CWE

CWE-122

Affected Products

Apache Software Foundation Apache Kvrocks

References