Red Hat Product Errata RHSA-2026:13839 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13839 - Security Advisory Overview Updated Packages Synopsis Important: nginx security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647) NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654) NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784) NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2449598 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files BZ - 2450776 - CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module BZ - 2450785 - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file BZ - 2450791 - CVE-2026-27651 NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVEs CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM nginx-1.20.1-16.el9_4.5.src.rpm SHA-256: 344a747bdc5594c6a3b627ba178e5617ec9a2d19fc2a7325142a807a33e299c0 x86_64 nginx-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: f1bedd95ee11aa9e6a40f52f4306e677fce677008d7cdebce17caaea10f53c7a nginx-all-modules-1.20.1-16.el9_4.5.noarch.rpm SHA-256: 9d247370693e92b9f00997b76460ef34598a595171cb926c8152f29be81f5e9f nginx-core-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: b5805605b414fe8ecb139d9e611506fb65973d29651dc592e46879f758b5e78f nginx-core-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: fe41669dc74954b94c8c6749006684fa672585ebe66050a69e3d72fb532553d1 nginx-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 0fe59427a40ddb14efbbee53e56566a08c2dcff747a7f4b09f812c92f1362fab nginx-debugsource-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: f8ebfe428039ce38177c7d586f92df6f0fdb8f49114e2c943f4930e88883e1ac nginx-filesystem-1.20.1-16.el9_4.5.noarch.rpm SHA-256: f2d3669f6f3fb5bf5b36e3b9c6ecde0acb96119cfbb71e5bcd62707d3282b51f nginx-mod-http-image-filter-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 687329645a451b6f2aa8f13b094e08948cd5bed00c68f70d9a07a4805c9319bf nginx-mod-http-image-filter-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 87dd21aaf33dd629c5338a94410975e344e0ddc04d59586c7680a6545cc6787b nginx-mod-http-perl-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 7660b0c53bbf0664a8b79181ff4c621a57037638448cd7e395abd72b76ba39ee nginx-mod-http-perl-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: ddb382c8a85caa335c3c109427f6871eef857833ca6006cef09b329cbd10db32 nginx-mod-http-xslt-filter-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 870b8f21c2caaaf8dda7bdfcc4051bc6887b3e63be0553a183f4a2777032bdf0 nginx-mod-http-xslt-filter-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 36cefb115ca974400300727e852ff3799bd4b9699e0505cc8c6301f81eaf1e5d nginx-mod-mail-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: face7ab6d820024dbfec65c978e2c020b8ec637e575394fe52bed2b983200e9c nginx-mod-mail-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: e9f401f1083660c1cd5924da8aafb1c21c4157c2340489f177f14a0510a7506e nginx-mod-stream-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: f8977d66d4bea727af1805664ffff6a1b86ace00142f865e6491a02687fe5cf2 nginx-mod-stream-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 4dfa1ed194a137cad9e62034311a4d3273daac5ee91a8002ac6f645db3e92e70 Red Hat Enterprise Linux Server - AUS 9.4 SRPM nginx-1.20.1-16.el9_4.5.src.rpm SHA-256: 344a747bdc5594c6a3b627ba178e5617ec9a2d19fc2a7325142a807a33e299c0 x86_64 nginx-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: f1bedd95ee11aa9e6a40f52f4306e677fce677008d7cdebce17caaea10f53c7a nginx-all-modules-1.20.1-16.el9_4.5.noarch.rpm SHA-256: 9d247370693e92b9f00997b76460ef34598a595171cb926c8152f29be81f5e9f nginx-core-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: b5805605b414fe8ecb139d9e611506fb65973d29651dc592e46879f758b5e78f nginx-core-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: fe41669dc74954b94c8c6749006684fa672585ebe66050a69e3d72fb532553d1 nginx-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 0fe59427a40ddb14efbbee53e56566a08c2dcff747a7f4b09f812c92f1362fab nginx-debugsource-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: f8ebfe428039ce38177c7d586f92df6f0fdb8f49114e2c943f4930e88883e1ac nginx-filesystem-1.20.1-16.el9_4.5.noarch.rpm SHA-256: f2d3669f6f3fb5bf5b36e3b9c6ecde0acb96119cfbb71e5bcd62707d3282b51f nginx-mod-http-image-filter-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 687329645a451b6f2aa8f13b094e08948cd5bed00c68f70d9a07a4805c9319bf nginx-mod-http-image-filter-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 87dd21aaf33dd629c5338a94410975e344e0ddc04d59586c7680a6545cc6787b nginx-mod-http-perl-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 7660b0c53bbf0664a8b79181ff4c621a57037638448cd7e395abd72b76ba39ee nginx-mod-http-perl-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: ddb382c8a85caa335c3c109427f6871eef857833ca6006cef09b329cbd10db32 nginx-mod-http-xslt-filter-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 870b8f21c2caaaf8dda7bdfcc4051bc6887b3e63be0553a183f4a2777032bdf0 nginx-mod-http-xslt-filter-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 36cefb115ca974400300727e852ff3799bd4b9699e0505cc8c6301f81eaf1e5d nginx-mod-mail-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: face7ab6d820024dbfec65c978e2c020b8ec637e575394fe52bed2b983200e9c nginx-mod-mail-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: e9f401f1083660c1cd5924da8aafb1c21c4157c2340489f177f14a0510a7506e nginx-mod-stream-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: f8977d66d4bea727af1805664ffff6a1b86ace00142f865e6491a02687fe5cf2 nginx-mod-stream-debuginfo-1.20.1-16.el9_4.5.x86_64.rpm SHA-256: 4dfa1ed194a137cad9e62034311a4d3273daac5ee91a8002ac6f645db3e92e70 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM nginx-1.20.1-16.el9_4.5.src.rpm SHA-256: 344a747bdc5594c6a3b627ba178e5617ec9a2d19fc2a7325142a807a33e299c0 s390x nginx-1.20.1-16.el9_4.5.s390x.rpm SHA-256: d59bcafffdaf83e2d45fefc737c1ce8b5aca1efaf0afe8c7c19edfb49fbfce31 nginx-all-modules-1.20.1-16.el9_4.5.noarch.rpm SHA-256: 9d247370693e92b9f00997b76460ef34598a595171cb926c8152f29be81f5e9f nginx-core-1.20.1-16.el9_4.5.s390x.rpm SHA-256: 90b0b58da6775ac7987fc622067e63a98365cbcce1c8393d17b93450adfad1f7 nginx-core-debuginfo-1.20.1-16.el9_4.5.s390x.rpm SHA-256: 4463d2c90c323395a921115f7279e4862578fe4dc24501f1596a5e6ff9f07047 nginx-debuginfo-1.20.1-16.el9_4.5.s390x.rpm SHA-256: ba4d893542266a9712102f39a0b3f85a76dadd733350dcb1816dac256622aca5 nginx-debugsource-1.20.1-16.el9_4.5.s390x.rpm SHA-256: fd2c91d7dd536177f0f9cc0790f17ccba18a5504de29c42661a5ffa20d33d46a nginx-filesystem-1.20.1-16.el9_4.5.noarch.rpm SHA-256: f2d3669f6f3fb5bf5b36e3b9c6ecde0acb96119cfbb71e5bcd62707d3282b51f nginx-mod-http-image-filter-1.20.1-16.el9_4.5.s390x.rpm SHA-256: b15aec2876c4bb0ce055baaf45a905a973b5e5a4e18928ba0d128c861ff665b5 nginx-mod-http-image-filter-debuginfo-1.20.1-16.el9_4.5.s390x.rpm SHA-256: 3fa4acc7d067dacbad09adcebbac4a7f309909ea810d371dca3db2f287afeaff nginx-mod-http-perl-1.20.1-16.el9_4.5.s390x.rpm SHA-256: 865ae278f9f6d5bac25733dcfe81093156a262a4fa409a8408a9bce534c8a08d nginx-mod-http-perl-debuginfo-1.20.1-16.el9_4.5.s390x.rpm SHA-256: 61c53890fab4fb090c6542bf0a198587da67e902c71b7109a787800cb46d975b nginx-mod-http-xslt-filter-1.20.1-16.el9_4.5.s390x.rpm SHA-256: 8c96458619247cfbc31bffabb7e4b42f50631194b4fa7b526901fac029c2e3ee ng