CVE-2025-26413
HIGHDescription
Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue.
Is your site exposed to CVE-2025-26413?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | kvrocks |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-26413? +
How severe is CVE-2025-26413? +
What products are affected by CVE-2025-26413? +
How do I check if I'm vulnerable to CVE-2025-26413? +
Related Vulnerabilities
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is …
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint …
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in …
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted …
A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected …
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to …