Red Hat Product Errata RHSA-2026:17794 - Security Advisory Issued: 2026-05-15 Updated: 2026-05-15 RHSA-2026:17794 - Security Advisory Overview Updated Packages Synopsis Critical: nginx security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM nginx-1.20.1-22.el9_6.6.src.rpm SHA-256: f20c11c1c3d66b60fe38c899ec37f13331c6b1aba76a851585744032c3ef36ba x86_64 nginx-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 6afa2a5225ef866f384fb6304c8cf28f31a4339a47eaa818c175e3d0126bfe1c nginx-all-modules-1.20.1-22.el9_6.6.noarch.rpm SHA-256: 0fcd1af97e7c82291f3264e8fb3969c29fb14bb382f41a59a1e7234f5703a0a0 nginx-core-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: c8aa01f1c9112672b04ec16a8e6f49017713caed89b19b87ceb64c8136ca1cb2 nginx-core-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: ff278cc99b0a93fec3ff91c0445d0b348bcddb58374823cea82310f427e19496 nginx-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: acd1fae2ceb319e5b404f00df48169bcf2c3ae03ed0e6600c931b01676f25d9b nginx-debugsource-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 1da00bbe645f4d52db22a5484202e352285f19a67dca5a97a98d644f224e9b4b nginx-filesystem-1.20.1-22.el9_6.6.noarch.rpm SHA-256: 5450a333db37b8152259036d12dc820e1f64a71b2808ec1d07e75734f700487b nginx-mod-http-image-filter-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 69334fecfa3c3596f9129490a0c267307f010f2094ca18cba8aceccedc765a2b nginx-mod-http-image-filter-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: e6b3551f0c7a1a75ae84aa0938550aae60168cc402bbbf72b11e140aaf38ebe9 nginx-mod-http-perl-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: fd66a664163f1d632cce412ee3eeaa9c42c945939a1afec8fe171766d013e5e4 nginx-mod-http-perl-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 7f4909d1d01a900eebc6298a096a3175d06d7e8384c2d0874c84751ec6da2221 nginx-mod-http-xslt-filter-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 8b6649d82aa8fe30033e7e30dac7f0b52f7722fa298a246b9a8757920a0214fb nginx-mod-http-xslt-filter-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 9421d057628c2a66b3009de8473dc687f576d7b9793c308ecedfd7c10f2b5df5 nginx-mod-mail-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 0ff0baa9123329d302b973f7c4afc0b1e94e6d78fbfe9df60bc3b2b30a446146 nginx-mod-mail-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 3f7c4b01d2639f6e0dc6ee7620726a4c97396358ebd8a4641b70dd87daff8d1c nginx-mod-stream-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: fed8d1b18bfeef9e31b2f5cebcb3a887a35cfdff48d8a1641d9741290786ccf1 nginx-mod-stream-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: c8e08a7709d0857270e2e2c9597265365fe09f3035a84db849f5bd5be9a84e4d Red Hat Enterprise Linux Server - AUS 9.6 SRPM nginx-1.20.1-22.el9_6.6.src.rpm SHA-256: f20c11c1c3d66b60fe38c899ec37f13331c6b1aba76a851585744032c3ef36ba x86_64 nginx-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 6afa2a5225ef866f384fb6304c8cf28f31a4339a47eaa818c175e3d0126bfe1c nginx-all-modules-1.20.1-22.el9_6.6.noarch.rpm SHA-256: 0fcd1af97e7c82291f3264e8fb3969c29fb14bb382f41a59a1e7234f5703a0a0 nginx-core-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: c8aa01f1c9112672b04ec16a8e6f49017713caed89b19b87ceb64c8136ca1cb2 nginx-core-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: ff278cc99b0a93fec3ff91c0445d0b348bcddb58374823cea82310f427e19496 nginx-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: acd1fae2ceb319e5b404f00df48169bcf2c3ae03ed0e6600c931b01676f25d9b nginx-debugsource-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 1da00bbe645f4d52db22a5484202e352285f19a67dca5a97a98d644f224e9b4b nginx-filesystem-1.20.1-22.el9_6.6.noarch.rpm SHA-256: 5450a333db37b8152259036d12dc820e1f64a71b2808ec1d07e75734f700487b nginx-mod-http-image-filter-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 69334fecfa3c3596f9129490a0c267307f010f2094ca18cba8aceccedc765a2b nginx-mod-http-image-filter-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: e6b3551f0c7a1a75ae84aa0938550aae60168cc402bbbf72b11e140aaf38ebe9 nginx-mod-http-perl-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: fd66a664163f1d632cce412ee3eeaa9c42c945939a1afec8fe171766d013e5e4 nginx-mod-http-perl-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 7f4909d1d01a900eebc6298a096a3175d06d7e8384c2d0874c84751ec6da2221 nginx-mod-http-xslt-filter-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 8b6649d82aa8fe30033e7e30dac7f0b52f7722fa298a246b9a8757920a0214fb nginx-mod-http-xslt-filter-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 9421d057628c2a66b3009de8473dc687f576d7b9793c308ecedfd7c10f2b5df5 nginx-mod-mail-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 0ff0baa9123329d302b973f7c4afc0b1e94e6d78fbfe9df60bc3b2b30a446146 nginx-mod-mail-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: 3f7c4b01d2639f6e0dc6ee7620726a4c97396358ebd8a4641b70dd87daff8d1c nginx-mod-stream-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: fed8d1b18bfeef9e31b2f5cebcb3a887a35cfdff48d8a1641d9741290786ccf1 nginx-mod-stream-debuginfo-1.20.1-22.el9_6.6.x86_64.rpm SHA-256: c8e08a7709d0857270e2e2c9597265365fe09f3035a84db849f5bd5be9a84e4d Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM nginx-1.20.1-22.el9_6.6.src.rpm SHA-256: f20c11c1c3d66b60fe38c899ec37f13331c6b1aba76a851585744032c3ef36ba s390x nginx-1.20.1-22.el9_6.6.s390x.rpm SHA-256: bdab42ba272f9423d7b4723701774a308cb7b2cd37feade3ad4e7c120c8e2fa2 nginx-all-modules-1.20.1-22.el9_6.6.noarch.rpm SHA-256: 0fcd1af97e7c82291f3264e8fb3969c29fb14bb382f41a59a1e7234f5703a0a0 nginx-core-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 5d9842c1509ac2d3fe06d9fa7b864b770b87ce8da3131106812683cf1611f8cc nginx-core-debuginfo-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 353928c2e2f68c4ac9accee0e3104e5e9c9063c915bb83f1be4d29631a7bd6c7 nginx-debuginfo-1.20.1-22.el9_6.6.s390x.rpm SHA-256: e532f4b1b5439e42a7cea12a83539d0e1045d363d75127e73fdb7e3ae54a04fa nginx-debugsource-1.20.1-22.el9_6.6.s390x.rpm SHA-256: adba074ef9832cd3be265968c91a7a617c56f67b7ad89f0d4bdeed052aa95d67 nginx-filesystem-1.20.1-22.el9_6.6.noarch.rpm SHA-256: 5450a333db37b8152259036d12dc820e1f64a71b2808ec1d07e75734f700487b nginx-mod-http-image-filter-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 9f249981999cf75a59efa39631dc6292e58e6969ce2d2a0cb4d9ff08ad598a3f nginx-mod-http-image-filter-debuginfo-1.20.1-22.el9_6.6.s390x.rpm SHA-256: e7e4f975d5f3af2f69063678047f43dc3af5fe5b968668414ca47dd4bd618762 nginx-mod-http-perl-1.20.1-22.el9_6.6.s390x.rpm SHA-256: a10462d83b0a6f3c840151035ba8aeea0c817e2efcfd551fe8bcde816fbda015 nginx-mod-http-perl-debuginfo-1.20.1-22.el9_6.6.s390x.rpm SHA-256: d55ebc3f4f5b18825100de45cb6d723aca46278d634f50b0a4e30331b30c6234 nginx-mod-http-xslt-filter-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 1a0d3fcc0bf84821bb857f2358d9844b367523b95036c883617184392d5293fe nginx-mod-http-xslt-filter-debuginfo-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 221f1928188055da2db0be2c9a918cb3aef5eb3c3fd02ab2eee2375f44ac9a95 nginx-mod-mail-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 3b4a313f340d9076c77a4711ad07f69651ffa5378a486d1e5bd2841f210551ac nginx-mod-mail-debuginfo-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 225af22109f25eac8e19ccfe3ed7e37c2fe1b6e8f49b3edfbca507a7e320747a nginx-mod-stream-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 38dd05ad9eabe9ddd4c7cdf91170f57900f95105f6b8e991cd76c4d9ae25a256 nginx-mod-stream-debuginfo-1.20.1-22.el9_6.6.s390x.rpm SHA-256: 7544edd61686a6277d96a2655d5766c1da82cecb859a78cbc61541318ce2ba45 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM nginx-1.20.1-22.el9_6.6.src.rpm SHA-256: f20c11c1c3d66b60fe38c899ec37f13331c6b1aba76a85158