Description

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted `RESTORE` command can cause Valkey to hit an assertion, causes the server to shutdown. Valkey modules are required to handle errors in RDB parsing by using `VALKEYMODULE_OPTIONS_HANDLE_IO_ERRORS` flag. If this flag is not set, errors encountered during parsing result in a system assertion which shuts down the system. Even though the Valkey-bloom module correctly handled the parsing, it did not originally set the flag. Commit a68614b6e3845777d383b3a513cedcc08b3b7ccd contains a patch. One may mitigate this defect by disabling the `RESTORE` command if it is unused by one's application.

INFO

Published Date :

2026-02-24T00:24:15.677Z

Last Modified :

2026-02-26T14:38:37.387Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-21864 vulnerability.

Vendors Products
Lfprojects
  • Valkey-bloom
Valkey-io
  • Valkey-bloom
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-21864.

URL Resource
https://github.com/valkey-io/valkey-bloom/commit/a68614b6e3845777d383b3a513cedcc08b3b7ccd cve-icon cve-icon
https://github.com/valkey-io/valkey-bloom/security/advisories/GHSA-mc2g-h759-3qw2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact