A critical arbitrary code execution vulnerability (CVE-2026-42945, CVSS 8.1 HIGH) has been identified in the nginx web and proxy server. The article states this affects the nginx:1.26 module for Red Hat Enterprise Linux 9.6 Extended Update Support variants, but specific version ranges and the exact fixed version are not provided in the primary text. Red Hat has released a security update rated as Critical to address this issue.
Red Hat Product Errata RHSA-2026:17753 - Security Advisory Issued: 2026-05-15 Updated: 2026-05-15 RHSA-2026:17753 - Security Advisory Overview Updated Packages Synopsis Critical: nginx:1.26 security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM nginx-1.26.3-1.module+el9.6.0+24296+87cb744c.3.src.rpm SHA-256: 3d06258c4e2d4634c09ad26c5d2801214f51d4a6081f744147ce3cb076a45739 x86_64 nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e9122494d61a3173d995cc9f762575556a46b58a256 nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e9122494d61a3173d995cc9f762575556a46b58a256 nginx-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: abad97a03d1c64a806b6bd0e00ca1628bc22c3ef661b87600ab740562ad8f906 nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-core-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: e6ed89b8be7898c0d1237d47bb3a8b6db116d35938530eaec02a8370ec4431ec nginx-core-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 7a0a7625e76145122ff4e61752184246d9e73029f5ef131483e4e6e887eee243 nginx-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: c26de3891c03e3bd7faf4fb4e0559e6893d3a5d7fba7d3f65a4b3872f5136658 nginx-debugsource-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 457185de739e9a2c8a7381c2b6bec70906b5e1d74f2ecc20cc3eadd391b1b694 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e9122494d61a3173d995cc9f762575556a46b58a256 nginx-mod-devel-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 826eceb8383000e4e4a249552975720f5b90ebd2bbae501e09cc41e1db7f1a33 nginx-mod-http-image-filter-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 6dcc0971a4cdb98de09da2750c6bcf420d7ce1ef3718f14e7aaea51cd2bbf747 nginx-mod-http-image-filter-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 8737dee88704c1e05bab321d399a00a455f35a6251df64aba292a674f2e2323f nginx-mod-http-perl-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 534a0cd662dbeda38207794c98d8c60f35a15f5a58bc1867b22528489ebd16b9 nginx-mod-http-perl-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: c5dca1a563eb74eb7545d5c32b972e3145c29ffde4bc0c4c001f2ea161c2b596 nginx-mod-http-xslt-filter-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 9eabb15a8e9bd8c3623717f6a2829fcc9d918180696ac3b49ef7406c121c9605 nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 410b310eb8142c103862d9d0cda4959366c1898fca41e51056f0bc252b981ba3 nginx-mod-mail-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 3b38e1bfb911f9386bf689eee23642dcd79a718546eca0312701f1057e7cd640 nginx-mod-mail-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 6581f579678f86a5a31191f80f3a086e222572575de48d72a7bc0601694b8f97 nginx-mod-stream-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 137d4d754200443ac0f22e24aaa3c0dfd36c6b35b6bc579134a674f38413c04b nginx-mod-stream-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 379a08326a507bf8693283003e2dc15a338cfe60dce169c43a8d5eb8eed3a7db nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e9122494d61a3173d995cc9f762575556a46b58a256 Red Hat Enterprise Linux Server - AUS 9.6 SRPM nginx-1.26.3-1.module+el9.6.0+24296+87cb744c.3.src.rpm SHA-256: 3d06258c4e2d4634c09ad26c5d2801214f51d4a6081f744147ce3cb076a45739 x86_64 nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e9122494d61a3173d995cc9f762575556a46b58a256 nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e9122494d61a3173d995cc9f762575556a46b58a256 nginx-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: abad97a03d1c64a806b6bd0e00ca1628bc22c3ef661b87600ab740562ad8f906 nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-core-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: e6ed89b8be7898c0d1237d47bb3a8b6db116d35938530eaec02a8370ec4431ec nginx-core-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 7a0a7625e76145122ff4e61752184246d9e73029f5ef131483e4e6e887eee243 nginx-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: c26de3891c03e3bd7faf4fb4e0559e6893d3a5d7fba7d3f65a4b3872f5136658 nginx-debugsource-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 457185de739e9a2c8a7381c2b6bec70906b5e1d74f2ecc20cc3eadd391b1b694 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e9122494d61a3173d995cc9f762575556a46b58a256 nginx-mod-devel-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 826eceb8383000e4e4a249552975720f5b90ebd2bbae501e09cc41e1db7f1a33 nginx-mod-http-image-filter-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 6dcc0971a4cdb98de09da2750c6bcf420d7ce1ef3718f14e7aaea51cd2bbf747 nginx-mod-http-image-filter-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 8737dee88704c1e05bab321d399a00a455f35a6251df64aba292a674f2e2323f nginx-mod-http-perl-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 534a0cd662dbeda38207794c98d8c60f35a15f5a58bc1867b22528489ebd16b9 nginx-mod-http-perl-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: c5dca1a563eb74eb7545d5c32b972e3145c29ffde4bc0c4c001f2ea161c2b596 nginx-mod-http-xslt-filter-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 9eabb15a8e9bd8c3623717f6a2829fcc9d918180696ac3b49ef7406c121c9605 nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 410b310eb8142c103862d9d0cda4959366c1898fca41e51056f0bc252b981ba3 nginx-mod-mail-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 3b38e1bfb911f9386bf689eee23642dcd79a718546eca0312701f1057e7cd640 nginx-mod-mail-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 6581f579678f86a5a31191f80f3a086e222572575de48d72a7bc0601694b8f97 nginx-mod-stream-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 137d4d754200443ac0f22e24aaa3c0dfd36c6b35b6bc579134a674f38413c04b nginx-mod-stream-debuginfo-1.26.3-1.module+el9.6.0+24296+87cb744c.3.x86_64.rpm SHA-256: 379a08326a507bf8693283003e2dc15a338cfe60dce169c43a8d5eb8eed3a7db nginx-all-modules-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 6bcd58964eb8144f5cf1324e507c99b0e287b8d8e31715334e483087687ebde1 nginx-filesystem-1.26.3-1.module+el9.6.0+24296+87cb744c.3.noarch.rpm SHA-256: 5eaff38a5c903a1a4a733e91