Red Hat Product Errata RHSA-2026:13680 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13680 - Security Advisory Overview Updated Packages Synopsis Important: nginx security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647) NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654) NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784) NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2449598 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files BZ - 2450776 - CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module BZ - 2450785 - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file BZ - 2450791 - CVE-2026-27651 NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVEs CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM nginx-1.20.1-22.el9_6.5.src.rpm SHA-256: 082a5e72527a3cc38104486a67705f056887df70cb9505a5d30cb2fa6eb6f0e9 x86_64 nginx-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 0aa62e51f82901b6eca858a2af86d109ed4b2321bad45467b8a05756dda51767 nginx-all-modules-1.20.1-22.el9_6.5.noarch.rpm SHA-256: 61226acc03de7aca297135d7038264a4ca153bd8d8902d54d58b6d5f209a68f4 nginx-core-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 0961a3fff1bafc7c08b406491756e534d2e9d8621b10ecbc6c9e7d88c71e5ed4 nginx-core-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 5c3ca8c5dee0169001463d6bb92a618fc90af31bbaf70f906b87db59a6734640 nginx-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 3908f6b32df912d47b78c0c014285b7b992a8f1992be7c5c4b256ef885ab36e5 nginx-debugsource-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: f2976f2457620e7520475636bf211bbbb460cc01a1c32fb7b7d8226d311a5610 nginx-filesystem-1.20.1-22.el9_6.5.noarch.rpm SHA-256: 27a167fcdb578d2f24d2df851ade0f8f7c63726be23e0db9e7c9f2e9ae436b3e nginx-mod-http-image-filter-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 2fbc8c78462f386df8f0018f5fbc7813b93bbc9dc4cb2dfc1f9f402e886290fb nginx-mod-http-image-filter-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 7badc61a0bbb020f2b9c43b8cf4428ff058d7f4e352fe000849ee0cee9a63092 nginx-mod-http-perl-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 1a93ad914a4fac1ee1320bfed022ececb7422b695565254bcd344ee4d1d74ebc nginx-mod-http-perl-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: c6992eeae4c706c2abc1666901276565d0be6ad55917ab891c894f91dadde032 nginx-mod-http-xslt-filter-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 68276c364cab1b6b8feb550359ac353f55a087cb4704518ea8afb140b2d355c2 nginx-mod-http-xslt-filter-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: dd9bea33fe2b0769ed7c14d086a4e4adbab4067bbe15614a9a55eb834ddc9b98 nginx-mod-mail-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 3cb65b56732d64bf508261f89dd0f3ec1de7d6281152da62ace4185c425a52dd nginx-mod-mail-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 2dd206f10a7ea7096a43fce320ae5123729568536ce2aa57aab3538477ea5064 nginx-mod-stream-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 0613995a1f8a36775cd6e559e88f706a76a43fffee432180e584906c4fd5eb0e nginx-mod-stream-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: b52535e2650eccc1e8324ac2b76953ac90605c32907569242718df26941f4f5a Red Hat Enterprise Linux Server - AUS 9.6 SRPM nginx-1.20.1-22.el9_6.5.src.rpm SHA-256: 082a5e72527a3cc38104486a67705f056887df70cb9505a5d30cb2fa6eb6f0e9 x86_64 nginx-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 0aa62e51f82901b6eca858a2af86d109ed4b2321bad45467b8a05756dda51767 nginx-all-modules-1.20.1-22.el9_6.5.noarch.rpm SHA-256: 61226acc03de7aca297135d7038264a4ca153bd8d8902d54d58b6d5f209a68f4 nginx-core-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 0961a3fff1bafc7c08b406491756e534d2e9d8621b10ecbc6c9e7d88c71e5ed4 nginx-core-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 5c3ca8c5dee0169001463d6bb92a618fc90af31bbaf70f906b87db59a6734640 nginx-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 3908f6b32df912d47b78c0c014285b7b992a8f1992be7c5c4b256ef885ab36e5 nginx-debugsource-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: f2976f2457620e7520475636bf211bbbb460cc01a1c32fb7b7d8226d311a5610 nginx-filesystem-1.20.1-22.el9_6.5.noarch.rpm SHA-256: 27a167fcdb578d2f24d2df851ade0f8f7c63726be23e0db9e7c9f2e9ae436b3e nginx-mod-http-image-filter-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 2fbc8c78462f386df8f0018f5fbc7813b93bbc9dc4cb2dfc1f9f402e886290fb nginx-mod-http-image-filter-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 7badc61a0bbb020f2b9c43b8cf4428ff058d7f4e352fe000849ee0cee9a63092 nginx-mod-http-perl-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 1a93ad914a4fac1ee1320bfed022ececb7422b695565254bcd344ee4d1d74ebc nginx-mod-http-perl-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: c6992eeae4c706c2abc1666901276565d0be6ad55917ab891c894f91dadde032 nginx-mod-http-xslt-filter-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 68276c364cab1b6b8feb550359ac353f55a087cb4704518ea8afb140b2d355c2 nginx-mod-http-xslt-filter-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: dd9bea33fe2b0769ed7c14d086a4e4adbab4067bbe15614a9a55eb834ddc9b98 nginx-mod-mail-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 3cb65b56732d64bf508261f89dd0f3ec1de7d6281152da62ace4185c425a52dd nginx-mod-mail-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 2dd206f10a7ea7096a43fce320ae5123729568536ce2aa57aab3538477ea5064 nginx-mod-stream-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: 0613995a1f8a36775cd6e559e88f706a76a43fffee432180e584906c4fd5eb0e nginx-mod-stream-debuginfo-1.20.1-22.el9_6.5.x86_64.rpm SHA-256: b52535e2650eccc1e8324ac2b76953ac90605c32907569242718df26941f4f5a Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM nginx-1.20.1-22.el9_6.5.src.rpm SHA-256: 082a5e72527a3cc38104486a67705f056887df70cb9505a5d30cb2fa6eb6f0e9 s390x nginx-1.20.1-22.el9_6.5.s390x.rpm SHA-256: 7d96c0adc0adff4e87507f5f59ac98f53c9c00648b22797113ce5ba78bb16878 nginx-all-modules-1.20.1-22.el9_6.5.noarch.rpm SHA-256: 61226acc03de7aca297135d7038264a4ca153bd8d8902d54d58b6d5f209a68f4 nginx-core-1.20.1-22.el9_6.5.s390x.rpm SHA-256: 7d277a5ec307c10730e8299cb593711e9735ab076db2f2fa1bfd70db46276422 nginx-core-debuginfo-1.20.1-22.el9_6.5.s390x.rpm SHA-256: 36ce1a532d13e6e686572bd78213a7949add1c3b1b046798db414f18b94292cc nginx-debuginfo-1.20.1-22.el9_6.5.s390x.rpm SHA-256: e37115c2aaf7bdd1585570edf13d00a0c361d05f6948ea007d0bf37e4f82127e nginx-debugsource-1.20.1-22.el9_6.5.s390x.rpm SHA-256: dbb7b9c878504edbdf24fb6b1bc981fa84076d2cd8d2d9f921eb4b095dbfaf13 nginx-filesystem-1.20.1-22.el9_6.5.noarch.rpm SHA-256: 27a167fcdb578d2f24d2df851ade0f8f7c63726be23e0db9e7c9f2e9ae436b3e nginx-mod-http-image-filter-1.20.1-22.el9_6.5.s390x.rpm SHA-256: 49811fa3dd3fe0ca6c2d8276fd0386fd876f785db6bf98387db5b7d8d0a300cc nginx-mod-http-image-filter-debuginfo-1.20.1-22.el9_6.5.s390x.rpm SHA-256: 3a4a3d8686dae8264b39e48560c38cec004f11fb107a58e1f29f545d3a0345da nginx-mod-http-perl-1.20.1-22.el9_6.5.s390x.rpm SHA-256: 9f11adaf6e9a803bf74a7ef8ad96b85a17be8b1f7568d8df9f9d5613586968f7 nginx-mod-http-perl-debuginfo-1.20.1-22.el9_6.5.s390x.rpm SHA-256: d7695509115217d8e648f0fd15bdf75e641ea47189b29acad023061046efdb58 nginx-mod-http-xslt-filter-1.20.1-22.el9_6.5.s390x.rpm SHA-256: 2e00d1134e620ba7b41ef789bc3027ba247e10512c11492b409a07c123b2696f nginx-mod-ht