This Red Hat security advisory addresses four Important-severity vulnerabilities in nginx, including remote code execution or denial of service via specially crafted MP4 files (CVE-2026-32647), a buffer overflow in the ngx_http_dav_module (CVE-2026-27654), memory corruption via crafted MP4 files (CVE-2026-27784), and a DoS via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651). The advisory applies to nginx packages for Red Hat Enterprise Linux 9.2 across multiple architectures and update services. Administrators should apply the update referenced in the advisory via the provided Red Hat solution article.
Red Hat Product Errata RHSA-2026:14836 - Security Advisory Issued: 2026-05-07 Updated: 2026-05-07 RHSA-2026:14836 - Security Advisory Overview Updated Packages Synopsis Important: nginx security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647) NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654) NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784) NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2449598 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files BZ - 2450776 - CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module BZ - 2450785 - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file BZ - 2450791 - CVE-2026-27651 NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVEs CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM nginx-1.20.1-14.el9_2.5.src.rpm SHA-256: c02d53dc3b86112b7ed2bcfb75ef19fe916a5a468aac17224232857682229bd8 x86_64 nginx-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 6d0f7d82257ac1ce62654145a8f5afe2b61ca76ed45e0847d732b6628390a8fe nginx-all-modules-1.20.1-14.el9_2.5.noarch.rpm SHA-256: 0de510acff58b17fa9a5c2c42385cd592478d647386e11f79d858c34f6bf3b71 nginx-core-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 88c7620c796d6f266c42dea8f6c3863f0d61b20efafc37cfccf562b0012fa37d nginx-core-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: e3505a73fc98d18831f4926cc2b3c7de797d983307a7db0e89724896bf06cbab nginx-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 81cdfc8fa80e52a13cf9125afe8e837e2a4259d51209bfe3d4aa6eb22f00a56b nginx-debugsource-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 15092709ee9ec3c489bc63a9b0559eabd56ae83cbf600b11057fcc1b70ff7571 nginx-filesystem-1.20.1-14.el9_2.5.noarch.rpm SHA-256: f1f5d2fb3a3dac0d4f2034c14877131ded3b1c2d2fbc75c74f18294b94fe05d5 nginx-mod-http-image-filter-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 17744437136f70046a40a638442c88a383315e9dc1370c0a89849e8779fc52ee nginx-mod-http-image-filter-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 601da72f4a805c84f70c01aa29f62088361064cdf43352bfed269996bfd93fae nginx-mod-http-perl-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 567b13a25014f7c74131566171d5fec9ec231f63e9b914b6d169e3fa2a9137ac nginx-mod-http-perl-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: be4a5431985000cb1094e31060a5766b7d4bc211e630d32fc4455abb41c5ded5 nginx-mod-http-xslt-filter-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 7c239e55a5673f2bab0ce6b8ed6e1258bd57f6d4194f9404bbd3bf25258ee935 nginx-mod-http-xslt-filter-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 1b30599a26a58143ed1ceafd8eae233f25a34efe5f640dd0a5ccf8f9cf683b7f nginx-mod-mail-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 4e471fc5c64064f5291fc96db4b1fee6eb6e5703ec296ec1ed1aa853f957c969 nginx-mod-mail-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 2fe24c4ff3a1e1b4925c7c671f62bc6efee31f4a750f0185bc0cbe9c3f02748f nginx-mod-stream-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 6afae46b01c52eb0ce361d7b82720053b41f6c9374bc088e16d401a1dd2c7170 nginx-mod-stream-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: b964e6b4e5254518d585a8a0dda0791c46e39a191fad6ba00a7f48fd86acaae8 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM nginx-1.20.1-14.el9_2.5.src.rpm SHA-256: c02d53dc3b86112b7ed2bcfb75ef19fe916a5a468aac17224232857682229bd8 ppc64le nginx-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: ce747b30b58a1fe19807d2d61292c5ff9040796f8633f3d44b1cf1382a43369f nginx-all-modules-1.20.1-14.el9_2.5.noarch.rpm SHA-256: 0de510acff58b17fa9a5c2c42385cd592478d647386e11f79d858c34f6bf3b71 nginx-core-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 96b43a337f4b82ea70fab4077e079446d3c80a47e2a5f5deebd318848c16ea08 nginx-core-debuginfo-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 9ecd38deb6e4c370766619fe2ba247e3f30ed34adeea4d352dea61cb79c6654d nginx-debuginfo-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: cb1bdbeaf06f0a1f7799986d8720ad5d6b6d9567c053043404f1bc6413ea71a1 nginx-debugsource-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 651c8a886aa4d3ef673c24cb14f7a13bca383110fbadbb1eeb25199c47e12b59 nginx-filesystem-1.20.1-14.el9_2.5.noarch.rpm SHA-256: f1f5d2fb3a3dac0d4f2034c14877131ded3b1c2d2fbc75c74f18294b94fe05d5 nginx-mod-http-image-filter-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: ae7ba1940ee6c60becf1ef8c0bb7d01288c31988d2a82acc219cc911743de2a8 nginx-mod-http-image-filter-debuginfo-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: da56f7541938397b752c4c2434aeb8a9c8275077fc65a78ae6f4019ff34ba3d8 nginx-mod-http-perl-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 317568f86ee876276d6fd9ede9bd70860b8cd89329e04a3bb2aab8f6be760055 nginx-mod-http-perl-debuginfo-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 781e65784ad1548a8c62633e4adc9d2ba2b7184edad921bf52a27af2b88c89c4 nginx-mod-http-xslt-filter-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 5395b60192f62118350f8a3f029b5731730dd3c3ec62bd9464be27cdcfe65aa8 nginx-mod-http-xslt-filter-debuginfo-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 5dc098600ea8d3a2b413c223f98620420dc39aa4bd8fb5c1c9f61eb38e991560 nginx-mod-mail-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 367c3b42d6b23b46733eb47c300a2f2597f8c5395e96a97702216de71f889ebf nginx-mod-mail-debuginfo-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: b1a7d07fb49feb30f253ef85e09f224d506b981e364d7f324d5ed87b72c97b2b nginx-mod-stream-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 5f11bde396365b1e2d9d358f24d423dd4678fa9255fa65c6f58256a20e09399f nginx-mod-stream-debuginfo-1.20.1-14.el9_2.5.ppc64le.rpm SHA-256: 312bde06d5274a7981158eb3515a321b23bd5b1858bdecd473115f8cee7ea045 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM nginx-1.20.1-14.el9_2.5.src.rpm SHA-256: c02d53dc3b86112b7ed2bcfb75ef19fe916a5a468aac17224232857682229bd8 x86_64 nginx-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 6d0f7d82257ac1ce62654145a8f5afe2b61ca76ed45e0847d732b6628390a8fe nginx-all-modules-1.20.1-14.el9_2.5.noarch.rpm SHA-256: 0de510acff58b17fa9a5c2c42385cd592478d647386e11f79d858c34f6bf3b71 nginx-core-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 88c7620c796d6f266c42dea8f6c3863f0d61b20efafc37cfccf562b0012fa37d nginx-core-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: e3505a73fc98d18831f4926cc2b3c7de797d983307a7db0e89724896bf06cbab nginx-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 81cdfc8fa80e52a13cf9125afe8e837e2a4259d51209bfe3d4aa6eb22f00a56b nginx-debugsource-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 15092709ee9ec3c489bc63a9b0559eabd56ae83cbf600b11057fcc1b70ff7571 nginx-filesystem-1.20.1-14.el9_2.5.noarch.rpm SHA-256: f1f5d2fb3a3dac0d4f2034c14877131ded3b1c2d2fbc75c74f18294b94fe05d5 nginx-mod-http-image-filter-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 17744437136f70046a40a638442c88a383315e9dc1370c0a89849e8779fc52ee nginx-mod-http-image-filter-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 601da72f4a805c84f70c01aa29f62088361064cdf43352bfed269996bfd93fae nginx-mod-http-perl-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 567b13a25014f7c74131566171d5fec9ec231f63e9b914b6d169e3fa2a9137ac nginx-mod-http-perl-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: be4a5431985000cb1094e31060a5766b7d4bc211e630d32fc4455abb41c5ded5 nginx-mod-http-xslt-filter-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 7c239e55a5673f2bab0ce6b8ed6e1258bd57f6d4194f9404bbd3bf25258ee935 nginx-mod-http-xslt-filter-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 1b30599a26a58143ed1ceafd8eae233f25a34efe5f640dd0a5ccf8f9cf683b7f nginx-mod-mail-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 4e471fc5c64064f5291fc96db4b1fee6eb6e5703ec296ec1ed1aa853f957c969 nginx-mod-mail-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 2fe24c4ff3a1e1b4925c7c671f62bc6efee31f4a750f0185bc0cbe9c3f02748f nginx-mod-stream-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: 6afae46b01c52eb0ce361d7b82720053b41f6c9374bc088e16d401a1dd2c7170 nginx-mod-stream-debuginfo-1.20.1-14.el9_2.5.x86_64.rpm SHA-256: b964e6b4e5254518d585a8a0dda0791c46e39a