Red Hat Product Errata RHSA-2026:13634 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13634 - Security Advisory Overview Updated Packages Synopsis Important: nginx security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647) NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654) NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784) NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2449598 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files BZ - 2450776 - CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module BZ - 2450785 - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file BZ - 2450791 - CVE-2026-27651 NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVEs CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM nginx-1.26.3-1.el10_0.8.src.rpm SHA-256: ba90000997865b49c34cdbd624b230451acefaef918b922a49f1bf6918a78572 x86_64 nginx-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: a513811ae8e5ba25febce7669380c8712bce7a839797ae4b9c431f93e415bae3 nginx-all-modules-1.26.3-1.el10_0.8.noarch.rpm SHA-256: 19ba6e3cb299fc23d612ec603b0b42cbeff9d08d10d958aa3ef257f2331a13d1 nginx-core-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: a97fda6e268a96e42650620b42ea087caae50346d296a1e94c74847f2e223b60 nginx-core-debuginfo-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: eaae622410f768f2b05a69e8596f7a80a6ce5e8e56aa77eed114035f707bc3e2 nginx-debuginfo-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 4dd302479464b1755cb93ebbbc7ba5ff25e749f68a7de2cb855b50a6257f7a96 nginx-debugsource-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 455a6dc161574ffcd428e13c5272f0ccc7fa35ce4a1bdc4730fa2667c0bf79c1 nginx-filesystem-1.26.3-1.el10_0.8.noarch.rpm SHA-256: 20fb8e8ec8dac645ddc6de602e9c089fc9df91f3569c978eb061db2461775c69 nginx-mod-http-image-filter-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 4f0a4e8ba63998f390c8d7403c16bdb9041fb74a38974e917e7795efea6e55af nginx-mod-http-image-filter-debuginfo-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 7de7d9fde351785162a97df03d4798ab7a182447ac772622449e5ae0ea4d7abe nginx-mod-http-perl-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 1384ce6762928078a1338570a3cda76922385108d53a09a5a18a68cfa5092315 nginx-mod-http-perl-debuginfo-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 20f989ffdbe0853b103f4e138f7dacc7f5b9b0ba9271f9181c58be85459973ea nginx-mod-http-xslt-filter-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 66c72cca343fd39865d496d4d2612acab34f6d6b94e77fbd37cfced97b0ea09e nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 2020d3bfd51ba5ade3d3eb186e37957707b2b36f37979f12f474e6ce5a4186b9 nginx-mod-mail-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: feb27a6680e37364c85785cac5149514b6b72c03e9f8c91b07a1e67c128db07b nginx-mod-mail-debuginfo-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: f3cacba1d677963b2a0164b28375487202abb3ef4dff6089d033242f7a696dc3 nginx-mod-stream-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: dbcda6a97fcfbad64869c32d46144c7ec6d1a4ab9a95002a01e4f31d89208f3b nginx-mod-stream-debuginfo-1.26.3-1.el10_0.8.x86_64.rpm SHA-256: 8465c41c150bcb59f2bd2a08a7ffd7697713467273f0f6d81558dcc8d9842d81 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM nginx-1.26.3-1.el10_0.8.src.rpm SHA-256: ba90000997865b49c34cdbd624b230451acefaef918b922a49f1bf6918a78572 s390x nginx-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 7e042e5451af3c659c2ac2a3f8c47dde84130330b0f4f98e5ccfef7ae0a2dea8 nginx-all-modules-1.26.3-1.el10_0.8.noarch.rpm SHA-256: 19ba6e3cb299fc23d612ec603b0b42cbeff9d08d10d958aa3ef257f2331a13d1 nginx-core-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 12c9a55409c57f811c1e3f179c85f80c9529389b178e7be9b5f63e107597e3c1 nginx-core-debuginfo-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 75d55ee25e61a02832366fbcc633ac30726fe7323b7536c02496d81a31a05785 nginx-debuginfo-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 48465921e3eaf60dc36ca2fc39c4b218de3c9008b5ac963fa4900d7508be6544 nginx-debugsource-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 24c72caed439025afe15e7881b79b42b922954400f968acf808b39a1c4931eaf nginx-filesystem-1.26.3-1.el10_0.8.noarch.rpm SHA-256: 20fb8e8ec8dac645ddc6de602e9c089fc9df91f3569c978eb061db2461775c69 nginx-mod-http-image-filter-1.26.3-1.el10_0.8.s390x.rpm SHA-256: be639f76631cfa9afee72231a3ea24400a6ad0d5c8c8333bff0669ca6454002f nginx-mod-http-image-filter-debuginfo-1.26.3-1.el10_0.8.s390x.rpm SHA-256: c603caec75af9ebbeb616e9fd43694b7cce3a5628671490643c5ccfc321e3012 nginx-mod-http-perl-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 2e694773c094495d036c952e5cceeec34778937d6a5681ec714db894c2050849 nginx-mod-http-perl-debuginfo-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 75699be048969bca2871aefd982f7a8d5ea81cc2ec22fb9ca6bc24bad1336a61 nginx-mod-http-xslt-filter-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 9b099e614570a0d9b0f9bd1aa4a70b468035b1ae366096716d5d43253924351a nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.el10_0.8.s390x.rpm SHA-256: d24e5ba6c19f6031aeeebbf50b460c761cbc71bd51062fae8cd6cc2bfd88b2a0 nginx-mod-mail-1.26.3-1.el10_0.8.s390x.rpm SHA-256: ca4a733a1328f728fab1beaaa111eb4f59febd875bce2f1f18a1c612b09465d2 nginx-mod-mail-debuginfo-1.26.3-1.el10_0.8.s390x.rpm SHA-256: 00b17cb4aeecf186c7cf636b111c4fb275205d9bce111f421ba8b02948e3b4ff nginx-mod-stream-1.26.3-1.el10_0.8.s390x.rpm SHA-256: cfc148741db56f51c8cc2273b935ac9ee5ad172630a724f5f8f2e01c83139922 nginx-mod-stream-debuginfo-1.26.3-1.el10_0.8.s390x.rpm SHA-256: d73e76ab7abdd3e016e903a028a69290a08ad897d53d69692d8c8cbbff59c082 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM nginx-1.26.3-1.el10_0.8.src.rpm SHA-256: ba90000997865b49c34cdbd624b230451acefaef918b922a49f1bf6918a78572 ppc64le nginx-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 6145097088212135d189b02b1822c51a3a495bc9b119f35052985f23a84ce085 nginx-all-modules-1.26.3-1.el10_0.8.noarch.rpm SHA-256: 19ba6e3cb299fc23d612ec603b0b42cbeff9d08d10d958aa3ef257f2331a13d1 nginx-core-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 16d6d3843f8bac95afca49f20cef50d57f1533ae41f741fc657f39d2d36b9c6b nginx-core-debuginfo-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: ff5e273498451cba9945dda39f40d5146e514ef8b16d0a61344b9b6e5804ae45 nginx-debuginfo-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 12e65cc7bd38593665c06386a6f5a0ae7e815d98662c29cb2bd8efce2bf216e9 nginx-debugsource-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 3c90d06c6db0fb548bde6f3fed4d255c975f6b8a7963a3cf352f3086a11e4a34 nginx-filesystem-1.26.3-1.el10_0.8.noarch.rpm SHA-256: 20fb8e8ec8dac645ddc6de602e9c089fc9df91f3569c978eb061db2461775c69 nginx-mod-http-image-filter-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: c610faed85e060f14b3546b5cf7e6a1206a689d6d01f7a6a86d7422ef7203247 nginx-mod-http-image-filter-debuginfo-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 682d058c128bc0daf1f683af3ff38afdd32c93944a559fa2757ce106cfa7346d nginx-mod-http-perl-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 9990637896da102e65bfc6a6f7a9cb61e349050f8a3cacd898935376af83be31 nginx-mod-http-perl-debuginfo-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 76c0dcfb503eba787896db0ca181989314b3f60260cdb3663e1fc5a04f62da47 nginx-mod-http-xslt-filter-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: c241be35fab4d5392cbdbc964a75eca445e77b2eadecafd9f5fcd3aa128540e8 nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: a78fe7598498331a5a93307e04ee69fdb3e6b71a254538f0389c647d8aff95d6 nginx-mod-mail-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: 7a40120141f8804c1adcae752ee2f8c93b0f6e4ad71938414584a123254db977 nginx-mod-mail-debuginfo-1.26.3-1.el10_0.8.ppc64le.rpm SHA-256: