Redis Lua HEAP overflow in cjson lib (Kvrocks 2.0.42.15.0)
CVE-2026-46752 Published on June 25, 2026

Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()
Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.

Vendor Advisory NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2026-46752

Want to know whenever a new CVE is published for Apache Kvrocks? stack.watch will email you.

Apache Kvrocks

Affected Versions

Apache Software Foundation Apache Kvrocks:

Version 2.0.4, <= 2.15.0 is affected.

Redis Lua HEAP overflow in cjson lib (Kvrocks 2.0.42.15.0)CVE-2026-46752 Published on June 25, 2026

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2026-46752

Affected Versions

Redis Lua HEAP overflow in cjson lib (Kvrocks 2.0.42.15.0)
CVE-2026-46752 Published on June 25, 2026