Red Hat Product Errata RHSA-2026:17790 - Security Advisory Issued: 2026-05-15 Updated: 2026-05-15 RHSA-2026:17790 - Security Advisory Overview Updated Packages Synopsis Critical: nginx security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM nginx-1.26.3-1.el10_0.9.src.rpm SHA-256: 858c1f4a10aac10253db09617d72fb9c79debab3214fb2bfa6f2f5dd3edd70d8 x86_64 nginx-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 8c0d6df49f97284ec345bada1aaaf02be8ae6d27e7df925539c5a34b0a43038a nginx-all-modules-1.26.3-1.el10_0.9.noarch.rpm SHA-256: 5520f50e4e497387c91da69f7984e34627577846be4d722ecb086122dac58b89 nginx-core-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: d7a66786ce31e0c29a79c092b01a49a13232fd81857b19e6647ec8901abef387 nginx-core-debuginfo-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 8b6f0c70b2947e4da8f03c5818d968d5622cf7c2e6bc28802bb0c121c526e1ae nginx-debuginfo-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 33b920bc4146588d1bf05fd4abcb90e62df3dfe089aa3c99b316b5da8a70558c nginx-debugsource-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: a97cc3816389cc8b8d533ada82a8600f79cbadf836a3d9968bc1daecfeb6d0bd nginx-filesystem-1.26.3-1.el10_0.9.noarch.rpm SHA-256: 53d80c5f20c785b558b5c53a6f4fdea2eb3ef6c759243030d48ce2db9e39c0ab nginx-mod-http-image-filter-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 690a54b2539708fed3b7b76f82f4fc00eeeab92f9ad80391f07038628c85bc72 nginx-mod-http-image-filter-debuginfo-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: ffbc1a6dca19adadf5c113f891e6ee3b797554c0e5d86bbec471c5b11ba9c944 nginx-mod-http-perl-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 6e71b32f178d7ff56a2827645ddaa3f8b3a748a070c4f7092d1dfd97a73a8a20 nginx-mod-http-perl-debuginfo-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: eb3e1f8331722b6766f59171ff31ae0f8f6178acf4a9b75bd6cab1b5344658c4 nginx-mod-http-xslt-filter-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 4d445f3fffd20193eb79dae68d86b88271b33e07e31202167821f7d71d317028 nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 627dbc459b165a25e4225581e9d90467d82045f5ba5a7a37febd5d0f0fb61d68 nginx-mod-mail-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 8456ae55b275f54dd1134e93fe3c9f102833cd1eef413eaac56db59d36d3e36a nginx-mod-mail-debuginfo-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 58daa9685859afa636742be36e4a33c1f66c8726506b608e8fa6e1e02752a0f7 nginx-mod-stream-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: dc47d337a51419149d7b5deab8c87fddbecb6ca0fdc3bd37430f16652c347b37 nginx-mod-stream-debuginfo-1.26.3-1.el10_0.9.x86_64.rpm SHA-256: 9958b413aa626dedbb02df7a4cdd49961a405b39c3684e7f2abd2c6788e90090 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM nginx-1.26.3-1.el10_0.9.src.rpm SHA-256: 858c1f4a10aac10253db09617d72fb9c79debab3214fb2bfa6f2f5dd3edd70d8 s390x nginx-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 260a3aeff2c4debe66011fbd0c8ba20a7bd45beb1a3c459d41899106f56eb024 nginx-all-modules-1.26.3-1.el10_0.9.noarch.rpm SHA-256: 5520f50e4e497387c91da69f7984e34627577846be4d722ecb086122dac58b89 nginx-core-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 094b9dfda4779db2842dc163832c54f9f2f9db3397ae8af52ab32465cd9c10b6 nginx-core-debuginfo-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 43da8497eb702505a462f80cd4042e32c9c0689bc3c1f723129770b8ce4cd6c8 nginx-debuginfo-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 22248c4816916c5e5e71d0036c730e4514bd8b97aae57aa6dbcd25746afc7925 nginx-debugsource-1.26.3-1.el10_0.9.s390x.rpm SHA-256: fba0d006ff2d7522adb348f6be1d51b53452e1400be8d81dd9ff74652c05991a nginx-filesystem-1.26.3-1.el10_0.9.noarch.rpm SHA-256: 53d80c5f20c785b558b5c53a6f4fdea2eb3ef6c759243030d48ce2db9e39c0ab nginx-mod-http-image-filter-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 647f71a75d192ceccc9496ae41d47b8900f5b269efdf687aa0d71134f559fb2b nginx-mod-http-image-filter-debuginfo-1.26.3-1.el10_0.9.s390x.rpm SHA-256: c096416a252973dd0fc45c21e72eb3f00b5da508251862d4f9547dd6b3e1d068 nginx-mod-http-perl-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 83b65ee388c4f5cdc673f3bd53298beaf91c5d870b8c31c114b7b2bab40c9d1a nginx-mod-http-perl-debuginfo-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 9d36726960fdd6c969c99c42faadc50604db716206b54b02f49b63f877dac10d nginx-mod-http-xslt-filter-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 132152340b1315d75a856d121f0e1080aaa7c72e8bfbce6552569d9fa1bb3e5a nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 8802e55020e8cfacacd8b4762b4131ec11d310ed915b0d1f32c2bd63e12b2cdf nginx-mod-mail-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 73b66e1b77252f401eaa8d795d8c2e46b59b2f838029da6419b7ccf608181ca9 nginx-mod-mail-debuginfo-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 1f73bebef8c2bf25b37c8ed812fb95b4a360d8e9105851d01aeb477e4857f364 nginx-mod-stream-1.26.3-1.el10_0.9.s390x.rpm SHA-256: 190f94b94d2faa6fdd5ce7fa0dba1a6a4b5d89ca4e7e496d4d3b4e88ae0e09fa nginx-mod-stream-debuginfo-1.26.3-1.el10_0.9.s390x.rpm SHA-256: a649f8d067a3b9c30752184e3d7c3f1fcb857ee1aac00f1985d0d5d6cf4681df Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM nginx-1.26.3-1.el10_0.9.src.rpm SHA-256: 858c1f4a10aac10253db09617d72fb9c79debab3214fb2bfa6f2f5dd3edd70d8 ppc64le nginx-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 6057f64e26ae6cef3f744ef43df0751e1516710a66a62a216b498c75589af6e7 nginx-all-modules-1.26.3-1.el10_0.9.noarch.rpm SHA-256: 5520f50e4e497387c91da69f7984e34627577846be4d722ecb086122dac58b89 nginx-core-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 62343b5bc90905db21676067ac629cc75abddd959d1ad1c8d3790b92bdcf914b nginx-core-debuginfo-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: c74ed658b3390733a0989985ec69a4b29c6b9cd3704b08a4f6ba016437b1e51c nginx-debuginfo-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: f5b1ccb106896830b4b3690d52b8a1fd55dac4d1e8dfe663eb68cde9d5f2fc5e nginx-debugsource-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 81bac6d9302018a963e3d70cc4a9e0f904f968b1c8a80e8ce99ae70a9376e5ec nginx-filesystem-1.26.3-1.el10_0.9.noarch.rpm SHA-256: 53d80c5f20c785b558b5c53a6f4fdea2eb3ef6c759243030d48ce2db9e39c0ab nginx-mod-http-image-filter-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: fa8d6661683efc863d634dfb66866d0d23e63959d9053bd0326369663ef78aa5 nginx-mod-http-image-filter-debuginfo-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 3b70a241823735e3851c23d3114379fb2f1603f682a9db296153bfcca76eedc3 nginx-mod-http-perl-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 4f182bb82973ff821055c1320123933bdfd94c02a4615ce91060e019ba3e564a nginx-mod-http-perl-debuginfo-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 65628248db1516f0af4e304dbf6029ce7d0625c0b2001766e8122da3e8b9b0f2 nginx-mod-http-xslt-filter-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 7d6491a8b019adc8f94185ec3a5a4bffd91ac5839b7278c85380908a3d1470cb nginx-mod-http-xslt-filter-debuginfo-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 8c27b56c1d78701caf9455dbe5d3d74705c1839a09282c19d3c65afa3f454ce2 nginx-mod-mail-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 65a5d8b903af3cf70125b0f860bd692f4932efa8ee56b810eb69bdef73d103cd nginx-mod-mail-debuginfo-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: d910c113311323df4545c12b2c9b9903a1f36d2ac4b5b7015b328fab9de7de64 nginx-mod-stream-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 4473817ae8505bb8e763af83dc8bbb3ddd659fc34636264e74e34374558bdec2 nginx-mod-stream-debuginfo-1.26.3-1.el10_0.9.ppc64le.rpm SHA-256: 90c31d8a209d6cc303d926e245c57f0fc1abcbe177d297c6fc9b1557e37428cb Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM nginx-1.26.3-1.el10_0.9.src.rpm SHA-256: 858c1f4a10aac10253db09617d72fb9c79debab3214fb2bfa6f2f5dd3edd70d8 aarch64 nginx-1.26.3-1.el10_0.9.aarch64.rpm SHA-256: 94592bbc678dd0f91dafe7f7296f407f41e2d5aea5d142a9e47a31e6f2cb2c73 nginx-all-modules-1.26.3-1.el10_0.9.noarch.rpm SHA-256: 5520f50e4e497387c91da69f7984e34627577846be4d722ecb086122dac58b89 nginx-core-1.26.3-1.el10_0.9.aarch64.rpm SHA-256: ec9edc9c9b