Red Hat Product Errata RHSA-2026:15942 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:15942 - Security Advisory Overview Updated Packages Synopsis Important: nginx security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647) NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654) NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784) NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2449598 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files BZ - 2450776 - CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module BZ - 2450785 - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file BZ - 2450791 - CVE-2026-27651 NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVEs CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM nginx-1.20.1-10.el9_0.3.src.rpm SHA-256: 9abc1db41985e8b4db0ac3810d005c96693a9940d08acf90ab5814f4b3f36c34 ppc64le nginx-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 8c20b6f7d9b92f61fef7af5c84997e3c4980c6eb32b8c8bbb8bbeaf530da278b nginx-all-modules-1.20.1-10.el9_0.3.noarch.rpm SHA-256: e8555edcf73264c93d14524961633aaa579cbaa81560cd1ec1ece003bc2ac2e4 nginx-debuginfo-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 9afac0932e6158fe54bfa2dcf33d893d5ccf8e18fb6a6b20445d1f6d95670cc3 nginx-debugsource-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 0a39297c691300c42cd8b85881e83b3acbde9e3bbd77e9815034a20349fe26c9 nginx-filesystem-1.20.1-10.el9_0.3.noarch.rpm SHA-256: ae087c778e2596b9a97de9f36b3f9de5c04009845ec7790bbbe7bae195c55e4c nginx-mod-http-image-filter-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: f9023b2ae400c7f4506ee7231cf724f915187eb69a628c360e816ec14ce9a5e9 nginx-mod-http-image-filter-debuginfo-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 4266f5e3d979b2d8d9b9f31af1964beeddb2dfc00f68172e9da6b46826c4fa9c nginx-mod-http-perl-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: c7a739153de8849527c2564b29722327dde258f739c88ff5d5df5d9f98f7ca00 nginx-mod-http-perl-debuginfo-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: fc6283e98b88336668cc1b2d3e36ba08c30ab49b4eca3ce9420cc50417640762 nginx-mod-http-xslt-filter-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 1b632c0fd2910d6dd879f43d40798dd2ef81cd5456f3d3f7af21b2b723b94d3d nginx-mod-http-xslt-filter-debuginfo-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 16a4e6122fbfed0c61ed4f633537fb1d5ba87f8e2789bb78069335b8b7d79978 nginx-mod-mail-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 494a3cdf873f0b57e5cc68fc5969fd28084fc41e662c055c4887df8e2b83ec36 nginx-mod-mail-debuginfo-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: f209647cf88f956f72da5bb38c592cb52ce722d9f3f70d69ce8390c3edcd0a31 nginx-mod-stream-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 7f66ff35b5df3fdd2abbb94641522be5b1f72a2f5fd82dc4bf64a4b7fce8ddb9 nginx-mod-stream-debuginfo-1.20.1-10.el9_0.3.ppc64le.rpm SHA-256: 39b226f8429e7946f101d91cbe6e2f494f5879c693b0ec8b1123e1c0f72754c4 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM nginx-1.20.1-10.el9_0.3.src.rpm SHA-256: 9abc1db41985e8b4db0ac3810d005c96693a9940d08acf90ab5814f4b3f36c34 x86_64 nginx-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: 415c53d196cb90c01a876a2aba4399fedcbd73cc7e0d270c2f7630b50d7183aa nginx-all-modules-1.20.1-10.el9_0.3.noarch.rpm SHA-256: e8555edcf73264c93d14524961633aaa579cbaa81560cd1ec1ece003bc2ac2e4 nginx-debuginfo-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: 9f7d591a388bf18f013a73813cc406d174d39f77dd6acf14120aa24db3810f30 nginx-debugsource-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: c11b0bb25b341aea99834091f9b178a64ef0fe43d94d4866a7eadb068d6ae7ec nginx-filesystem-1.20.1-10.el9_0.3.noarch.rpm SHA-256: ae087c778e2596b9a97de9f36b3f9de5c04009845ec7790bbbe7bae195c55e4c nginx-mod-http-image-filter-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: 95110fbb08aa6705c964b16ccc60308d9b54e8d518cef63334ef7cd5ceab5e2f nginx-mod-http-image-filter-debuginfo-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: ae5e92fe6941213eca65f548e2d89d37938b959bf362c89af3c2f5c76b3fbc61 nginx-mod-http-perl-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: 1b352f57b650be97b624b2b65e9aa8ddf804f4c1b88b7a906f39203dad31baaf nginx-mod-http-perl-debuginfo-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: d4a4c2d45cc4e6a256e5dafa94960a2e9745e32a900883c0ff43e748b63f3504 nginx-mod-http-xslt-filter-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: ff0db1551bbafd1e509794b5e46a8da733e5449ec399e6eca9ada5399ee9d51a nginx-mod-http-xslt-filter-debuginfo-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: 8528b8bc746a005ee68f60afd60a85844545cb2a3281e756047d1df72cdac5c1 nginx-mod-mail-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: 226f840f614891912133abb5942849a9932e6a1f9fd46bcb8aef3b57641d6a89 nginx-mod-mail-debuginfo-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: aadea76160a630832081085d2fd3024477611f27ef27ca90eb5151af66250290 nginx-mod-stream-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: cabe3afa7dc4b0afe7c6ffbdd3dbf586af34f718c7882ae7cda5a68da0f20997 nginx-mod-stream-debuginfo-1.20.1-10.el9_0.3.x86_64.rpm SHA-256: aa27e96a28af25d215829abe2899b0618507667d1ea516c842e1bd1e030ad994 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM nginx-1.20.1-10.el9_0.3.src.rpm SHA-256: 9abc1db41985e8b4db0ac3810d005c96693a9940d08acf90ab5814f4b3f36c34 aarch64 nginx-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: fb1c8363a02eb4bcc1329fa8f0e0d44fa40fb68ac5ae907a594964cc9b34bb34 nginx-all-modules-1.20.1-10.el9_0.3.noarch.rpm SHA-256: e8555edcf73264c93d14524961633aaa579cbaa81560cd1ec1ece003bc2ac2e4 nginx-debuginfo-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: 2ebf7d36e6e9b11d35c2e7e46efec9ef1af4eb944739f1e018997d8b5a6b9f0c nginx-debugsource-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: bfdfbfe497798bbdce19a4e42fb810f0f4a3ae3579dbf6a17e53a27c8facd0c8 nginx-filesystem-1.20.1-10.el9_0.3.noarch.rpm SHA-256: ae087c778e2596b9a97de9f36b3f9de5c04009845ec7790bbbe7bae195c55e4c nginx-mod-http-image-filter-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: 413033ffe9444ec7120a966e793996b5b7ab56144429ac04c673dd2d977bf17c nginx-mod-http-image-filter-debuginfo-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: bb69a00acbcd3627bba86b9d036bcee0d80bc66ee40f50f1310893c5b835fcb4 nginx-mod-http-perl-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: aa7a2c48a5c9a55b3494690f58bee30fc8681f2da30ae26e0d1e84cece811a44 nginx-mod-http-perl-debuginfo-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: 1e9945ab8867870787365412d8a2c63bb19b9d77eee6673f88d4173609a14d75 nginx-mod-http-xslt-filter-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: ea49776e9fcd2e1660ef2a1a842a40490d6c5d5dad963a944f4fa6aec8162ce7 nginx-mod-http-xslt-filter-debuginfo-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: 39c840049bcaf07967d621e9eb0b65075530ee62bb12e6986576e677f3bbb946 nginx-mod-mail-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: c93466e95a6452511b1f2a9ebdeec6b876e4dd721890ee58b15bc2258d9a31f7 nginx-mod-mail-debuginfo-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: 34947ff9c66e6c98302901341209ac8d7cdbc6bb040453ca24df3a044185cbaf nginx-mod-stream-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: 6866bfff55a3a683e4450f375f34d4cfe70c4e624e42d62468ce942b3462e103 nginx-mod-stream-debuginfo-1.20.1-10.el9_0.3.aarch64.rpm SHA-256: c7cd13687947d9dcbcbd1491394f6bcda9ab20ef0cab072a6efa53b2d093eaa3 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM nginx-1.20.1-10.el9_0.3.src.rpm SHA-256: 9abc1db41985e8b4db0ac3810d005c96693a9940d08acf90ab5814f4b3f36c34 s390x nginx-1.20.1-10.el9_0.3.s390x.rpm SHA-256: 8cd7c06e5622b7b19e06b2aa72c7cb998642c137445f8f3fcc29fd82298b2842 nginx-all-modules-1.20.1-10.el9_0.3.noarch.rpm SHA-256: e8555edcf73264c93d14524961633aaa579cbaa81560cd1ec1ece003bc2ac2e4 nginx-debuginfo-1.20.1-10.el9_0.3.s390x.rpm SHA-256: f053044a317c862c3d019c3ce2f04bf5e300d1207a30bd777a1682b229c44caf nginx-debugsource-1.20.1-10.el9_0.3.s390x.rpm SHA-256: 7b6e840849f170147d0f46139de1d8fb086525bb4c710805955301e90cf25134 nginx-filesystem-1.20.1-10.el9_0.3.noarch.rpm SHA-256: ae087c778e2596b9a97de9f36b3f9de5c04009845ec7790bbbe7bae195c55e4c nginx-mod-http-image-filter-1.20.1-10.el9_0.3.s390x.rpm SHA-256: f9f129c7efb7dd9d0d582828262195bde8c983b65bd8919dcf22b60d647b5029 nginx-mod-http-image-filter-debuginfo-1.20.1-10.el9_0.3.s390x.rpm SHA-256: dc4c5fc2a9aa14c79fed254a7b