Qualysec

Autonomous AI Unmasks CVE-2026-23479: The 2-Year-Old Redis RCE That Eluded Human Researchers


In a significant development for cybersecurity, an autonomous AI tool, “Xint Code”, has uncovered a critical, previously hidden vulnerability in Redis, a widely used open-source data store.

The flaw, CVE-2026-23479, went unnoticed for at least two years by traditional security tooling and human developers. It was reported and officially patched on May 5, 2026. Initially it was not a highly publicized bug, but it is now drawing wide industry attention because it was found by an AI agent during a hacking competition. The moment matters because this flaw proves that autonomous software can find deeper vulnerabilities than human review alone.

How the Autonomous AI Found It

Automated security tools usually look for known patterns or basic coding mistakes. Xint Code instead worked autonomously to trace how data flows through a complex codebase. It identified two separate code changes made to Redis back in 2023 and, on further analysis, found that each change was safe on its own but that the two combined created a critical weakness.

The Technical Flaw Explained Simply

The uncovered bug is a Use-After-Free (UAF) vulnerability located in the Redis blocking-client code path, specifically inside the unblockClientOnKey() function.

A Use-After-Free happens when a program allocates a chunk of memory for an object (here, the client structure), frees that memory so it can be reused, but then mistakenly reads or writes through the old pointer anyway.

The AI then executed a sophisticated three-stage exploit:

  1. Information Leak: It used a Lua script to leak a heap pointer, mapping the server’s memory layout.
  2. Heap Grooming: By adjusting maxmemory-clients, the AI “groomed” the memory to place a fake client structure exactly where the freed memory resided.
  3. The Hijack: Using an out-of-bounds (OOB) decrement via updateClientMemoryUsage(), the AI targeted the Global Offset Table (GOT). Because official Docker images utilized Partial RELRO, the GOT remained writable, allowing the AI to redirect the strcasecmp() function to system().

By rewriting this table, the attacker redirects an ordinary string-comparison call to the operating system’s system() function. This achieves full Remote Code Execution (RCE), allowing an attacker to execute administrative commands on the host machine, bypassing modern defenses like ASLR and PIE.

What is Affected and Repaired

The vulnerability affects almost all deployments running Redis from 7.2.0 through 8.6.2, including instances running with out-of-the-box default user permissions.

Release series   Affected versions   Fixed version
Redis 7.2.x      7.2.0 – 7.2.13      7.2.14
Redis 7.4.x      7.4.0 – 7.4.8       7.4.9
Redis 8.2.x      8.2.0 – 8.2.5       8.2.6
Redis 8.4.x      8.4.0 – 8.4.2       8.4.3
Redis 8.6.x      8.6.0 – 8.6.2       8.6.3

On May 5, 2026, Redis officially fixed the problem by shipping patches across all five of its maintained release series. The fix changes unblockClientOnKey() to strictly check what the command-processing step returns, so that if a client is evicted or freed in the middle of the call, no further work is done on the already-freed client and the dangling pointer cannot be reused maliciously.

Security experts advise every organization running Redis to upgrade right away, since only the upgrade actually applies the repair.
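To turn the fixed-version table into a check you can run against your own servers, here is an added example (not code from the article or from the Redis project): it pulls the version out of INFO server or redis-server --version output and reports the fixed release to install. The sample output is constructed, and flagging a release series the article does not list as "check the advisory" is an assumption.

```python
"""Added example (not from the article or Redis): is this server affected?"""
import re

# (series, first affected, last affected, fixed) exactly as the article lists them.
FIXED_VERSIONS = [
    ("7.2", (7, 2, 0), (7, 2, 13), (7, 2, 14)),
    ("7.4", (7, 4, 0), (7, 4, 8), (7, 4, 9)),
    ("8.2", (8, 2, 0), (8, 2, 5), (8, 2, 6)),
    ("8.4", (8, 4, 0), (8, 4, 2), (8, 4, 3)),
    ("8.6", (8, 6, 0), (8, 6, 2), (8, 6, 3)),
]

# "redis_version:7.2.5" (INFO server) or "v=7.2.5" (redis-server --version)
# are preferred over a bare x.y.z such as a kernel or gcc version.
_VERSION_RE = re.compile(r"(?:redis_version:|v=)?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) from INFO or --version output."""
    matches = list(_VERSION_RE.finditer(text))
    if not matches:
        raise ValueError("no x.y.z version string found")
    keyed = [m for m in matches if not m.group(0)[0].isdigit()]
    return tuple(int(g) for g in (keyed or matches)[0].groups())

def assess(version):
    """Classify a version tuple; upgrade_to is the fixed release to install."""
    for series, first, last, fixed in FIXED_VERSIONS:
        if version[:2] != first[:2]:
            continue
        if first <= version <= last:
            return {"series": series, "status": "affected",
                    "upgrade_to": ".".join(map(str, fixed))}
        return {"series": series, "status": "fixed", "upgrade_to": None}
    if version < FIXED_VERSIONS[0][1]:
        return {"series": None, "status": "before_affected_range", "upgrade_to": None}
    # Assumption: a series the article does not list is flagged, not assumed safe.
    return {"series": None, "status": "unlisted_series_check_advisory", "upgrade_to": None}

def check(text):
    """Parse raw server output and assess it in one step."""
    return assess(parse_version(text))

# Constructed sample of INFO server output; not captured from a real host.
SAMPLE_INFO = "# Server\nredis_version:7.2.5\nredis_git_sha1:00000000\nos:Linux 6.1.0-13-amd64 x86_64\ngcc_version:12.2.0\n"

if __name__ == "__main__":
    print(check(SAMPLE_INFO))  # {'series': '7.2', 'status': 'affected', 'upgrade_to': '7.2.14'}
```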

This moment really feels like a turning point in cybersecurity. It suggests that autonomous AI isn’t only an efficient instrument anymore, but a necessity for surfacing deep, “invisible” vulnerabilities that traditional human-led pentesting can no longer reliably uncover.

 

Pabitra Kumar Sahoo
COO & Cybersecurity Expert