- What: Security update for nginx:1.26 on Red Hat Enterprise Linux 9.6
- Impact: Addresses denial of service and code execution vulnerabilities
Red Hat Product Errata RHSA-2026:15966 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:15966 - Security Advisory Overview Updated Packages Synopsis Important: nginx:1.26 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647) NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654) NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784) NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2449598 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files BZ - 2450776 - CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module BZ - 2450785 - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file BZ - 2450791 - CVE-2026-27651 NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVEs CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM nginx-1.26.3-1.module+el9.6.0+24255+10832c07.2.src.rpm SHA-256: 283007bc07881629aa52a8272966a3b1d18011257a88b61c2d47e188436d3851 x86_64 nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: b697b233e07c811c451c4cf9c87e45c15911ddd055fa8303c6c1c9866074c57a nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-core-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 475cb395881713661b37b2b911df6e755a3e93974c3a1a56284e4692fb10ed38 nginx-core-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: fed29a093f49d80db1e7b5e4ada5f7a10b3e3d7f78e32c7e40864a9e1ece527e nginx-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 22e7ff82fee06aa12bb5f63541f868a913ae228aee22c86f41133f508ee32cc8 nginx-debugsource-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 6728b7badf0776a2f653b0703dd08282a7540877a970e2bb7f2f9256c7998d6f nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-mod-devel-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: ddaa1553af879021a47473efec66db0e3824bddb634109b0d30416820c9cefb1 nginx-mod-http-image-filter-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 787d4feaaaedc6be897bc63cfdcbac9f5f69e4bf7ac5b0ec7e745f7bd689f169 nginx-mod-http-image-filter-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 7aff9b196d090ebeba5d6883e273aa0601b1585e2aa2a5860956c7a698c13960 nginx-mod-http-perl-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 9b4a307351808b9f2fd74708d4c24f6f941f6fd06caadddbbc3a73ee57e1e977 nginx-mod-http-perl-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: bc7b09da54b0bb52be0af8f60f5831c53fa45e29084686bb0e15da0aa3f331f1 nginx-mod-http-xslt-filter-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: bb7c2d27ab4709dba86b4934153cefe359a31038ba3b51880bbe56e8dd1f3b0a nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 72f1fe0ffa10a60ebe8fb099cb9f334e9642a4a2beff67c40ea65797669edc1b nginx-mod-mail-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 157c7db2c5033afead53527ee2226cc09ac07dc00c48268410e36237ff64770b nginx-mod-mail-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 1c8ed6a383cd95ab056f01c42f586311bcea20d6bde4997bd3b4e5aa162a2c30 nginx-mod-stream-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 09d2894a1f5b81dcfe542fa567e51dced2adf0c7739c100db5afcc7bc3ad8f58 nginx-mod-stream-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: e91ba357fa33645ea8a0799340169e8404fb745acc09d824f6e2fbc84f276414 Red Hat Enterprise Linux Server - AUS 9.6 SRPM nginx-1.26.3-1.module+el9.6.0+24255+10832c07.2.src.rpm SHA-256: 283007bc07881629aa52a8272966a3b1d18011257a88b61c2d47e188436d3851 x86_64 nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: b697b233e07c811c451c4cf9c87e45c15911ddd055fa8303c6c1c9866074c57a nginx-all-modules-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: ca9f10297243a9ee0e38010b07b8332e323630a744ca9e45bc9891a7c886ba01 nginx-core-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 475cb395881713661b37b2b911df6e755a3e93974c3a1a56284e4692fb10ed38 nginx-core-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: fed29a093f49d80db1e7b5e4ada5f7a10b3e3d7f78e32c7e40864a9e1ece527e nginx-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 22e7ff82fee06aa12bb5f63541f868a913ae228aee22c86f41133f508ee32cc8 nginx-debugsource-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 6728b7badf0776a2f653b0703dd08282a7540877a970e2bb7f2f9256c7998d6f nginx-filesystem-1.26.3-1.module+el9.6.0+24255+10832c07.2.noarch.rpm SHA-256: 443b7bb9908b8ec3490d36d63029776cadf0c6b4df70b32635de02b5e5c5d71f nginx-mod-devel-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: ddaa1553af879021a47473efec66db0e3824bddb634109b0d30416820c9cefb1 nginx-mod-http-image-filter-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 787d4feaaaedc6be897bc63cfdcbac9f5f69e4bf7ac5b0ec7e745f7bd689f169 nginx-mod-http-image-filter-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 7aff9b196d090ebeba5d6883e273aa0601b1585e2aa2a5860956c7a698c13960 nginx-mod-http-perl-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: 9b4a307351808b9f2fd74708d4c24f6f941f6fd06caadddbbc3a73ee57e1e977 nginx-mod-http-perl-debuginfo-1.26.3-1.module+el9.6.0+24255+10832c07.2.x86_64.rpm SHA-256: bc7b09da54b0bb52be0af8f60f5831c53fa45e29084686bb0e15da0aa3f331f1 nginx-mod-http-xslt-filter-1.26.3-1.module+el9.6.0+24255+10832c07.2.x