A critical arbitrary code execution vulnerability (CVE-2026-42945, CVSS 8.1 HIGH) in nginx affects Red Hat Enterprise Linux 9. The article does not specify the exact attack vector, affected nginx version ranges, or the fixed package version. Red Hat has released updated packages rated as Critical; administrators should apply the referenced errata to their RHEL 9 systems immediately.
Red Hat Product Errata RHSA-2026:18029 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18029 - Security Advisory Overview Updated Packages Synopsis Critical: nginx security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM nginx-1.20.1-24.el9_7.3.src.rpm SHA-256: a80160207d2192fc5e354c4e4a80f7d10e92660044d1ca7e2622b0859624dbd3 x86_64 nginx-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 195d44ffef4127d64887d877f8ec11dd1565c3ae129dde8b1ea3e769aefba7fe nginx-all-modules-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 9600827a36c082cf1227b419854d054ea51de44c663ec369a4710c89ccef5e53 nginx-core-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: aa51c8a833b87d33647aba18ddea813f2d9bc46b2efc30347930fa8ef7a08351 nginx-core-debuginfo-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 2b91bc67def9fcf3a94eb55348c1a1c05bc4883beef88118fdd898bd084ae878 nginx-debuginfo-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 46cee04962d92cb2de7e9d0b63587831a2b290366da0cfb537f0a32d70bef35e nginx-debugsource-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 741b3e31decdba2d7a4777bfa56dada8f064a5165b9329640aae6b208512752b nginx-filesystem-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 886440104ebede3045246d6ca5a882fb0752f1971ee29df780d3fbaabd4d4b59 nginx-mod-http-image-filter-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 22e1f6ec9e04344daa48ee25c88b951e49e0f6189ab0e006c3d126404c937ac8 nginx-mod-http-image-filter-debuginfo-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 31868665abf69a3ee9ebc50bf965234f5eacb147397169708a9854e82b7be4c1 nginx-mod-http-perl-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 987b74f81e9a49e9dc587996c553575ec6afe88630bf2520cef5c341edc9c2d4 nginx-mod-http-perl-debuginfo-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: e6a88ae6df854fa3ba4bf6d84100d82c780ccc13ad7caa70ecfe35a3a4335dda nginx-mod-http-xslt-filter-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: aa05adec324e8bb8cfed49ff234a9beda4eb73d74c7d6695bc70a0a26ae242a6 nginx-mod-http-xslt-filter-debuginfo-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: f233cdc6086df255b4652e957c8694e7f8c35634e7d7c3d79c45214c7eb95c13 nginx-mod-mail-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: d5639ba78585988265e967f71ce099e77e7ef4a7074e3eab6418f5156df25868 nginx-mod-mail-debuginfo-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: cb6820254aecd512857f48aad325f36a99e695716b7ec3476086d19ca43e79be nginx-mod-stream-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 836fe213addc914b358cbc9b9bf55bc4b73e05380e6228488cb4ce9122dde553 nginx-mod-stream-debuginfo-1.20.1-24.el9_7.3.x86_64.rpm SHA-256: 5e9f976aa130501bb6c269a5d8189799b50c496014b0d79669a891ff2f3d11eb Red Hat Enterprise Linux for IBM z Systems 9 SRPM nginx-1.20.1-24.el9_7.3.src.rpm SHA-256: a80160207d2192fc5e354c4e4a80f7d10e92660044d1ca7e2622b0859624dbd3 s390x nginx-1.20.1-24.el9_7.3.s390x.rpm SHA-256: c284cc8ef3eb07f3767cb068d0d9d7a36892f04d5b1c597ebc216c18b6e52fdf nginx-all-modules-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 9600827a36c082cf1227b419854d054ea51de44c663ec369a4710c89ccef5e53 nginx-core-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 3cb426ac8902f7c93110bddefbabc3f7543daf63b02256eeafc304141b3c55cb nginx-core-debuginfo-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 154dce9e5b766f562e2e029c24212d842d9f12a6bd57bc7fdecd0ff20d6e48f2 nginx-debuginfo-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 704862a6127ae464d86018d43fbd9de0a7920f59cc2cce3543ef1fcf27bcb549 nginx-debugsource-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 17d014e62b0e73b25a4750d659bdef807eb690602b74c6c28ae747460408a4aa nginx-filesystem-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 886440104ebede3045246d6ca5a882fb0752f1971ee29df780d3fbaabd4d4b59 nginx-mod-http-image-filter-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 780bc5cce14d290f8699d7fa1abdad758344f72e844b9d1917125a91e341e6e2 nginx-mod-http-image-filter-debuginfo-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 51dfa3e2fb0c67d2202202995694b76cb3ca0d0628d9065a650c2f0233267906 nginx-mod-http-perl-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 9406e1ed45677fdec7fdb47b35a84de043fbc4003befec1bb4ed5e019e75909e nginx-mod-http-perl-debuginfo-1.20.1-24.el9_7.3.s390x.rpm SHA-256: d41e09c2b3af9f5d7300eb03f084415dd57a1f0ac05db25223efa289a466dc6c nginx-mod-http-xslt-filter-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 11c4bca53aab764eca20a44d36d869f141c590645c68a97392203bbec0ba3be3 nginx-mod-http-xslt-filter-debuginfo-1.20.1-24.el9_7.3.s390x.rpm SHA-256: a041fe41d38788f8a2622decec7885120e96ce2f7a402e22ccd1c1417d59b2c5 nginx-mod-mail-1.20.1-24.el9_7.3.s390x.rpm SHA-256: f1f8bc8717d9cd6b0610d7c34dff6f7c3ac6ac84aecc6d4b4b01e0a92010b704 nginx-mod-mail-debuginfo-1.20.1-24.el9_7.3.s390x.rpm SHA-256: 87e2def41ca801d173b8b2338e5f5706931a09c4bc0c00ea2e9e0f7fe64a89c9 nginx-mod-stream-1.20.1-24.el9_7.3.s390x.rpm SHA-256: c3986876dab24cbda1b385279fa03d17178643540c80e89cf48878fe59843acd nginx-mod-stream-debuginfo-1.20.1-24.el9_7.3.s390x.rpm SHA-256: da8ad15924204a1bc0236f3898625d0bf3d68b04e91d373c7ca23a4c40caec6f Red Hat Enterprise Linux for Power, little endian 9 SRPM nginx-1.20.1-24.el9_7.3.src.rpm SHA-256: a80160207d2192fc5e354c4e4a80f7d10e92660044d1ca7e2622b0859624dbd3 ppc64le nginx-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: 83aba6af83f6dbe4ce21c4ccf2c0b640d1a9f7dc7e45333f5a29f0a4e1fc02d6 nginx-all-modules-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 9600827a36c082cf1227b419854d054ea51de44c663ec369a4710c89ccef5e53 nginx-core-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: 7d36014f1c484575a984454c8161471b3d0a8798241423f31f1f167a140bc254 nginx-core-debuginfo-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: 3b5247f1111b0a5a4d6e9d72d50e5633ee2c81c8a38b3ecbf30bdd66e7f30c50 nginx-debuginfo-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: a9a605af88c33bccdf57d141404d1c2e374a9896e0b376d42400f2575c10e858 nginx-debugsource-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: b457afb13c26389c8db3c0ace1fc671ee5db1ade497f9f44a1da209f81abd992 nginx-filesystem-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 886440104ebede3045246d6ca5a882fb0752f1971ee29df780d3fbaabd4d4b59 nginx-mod-http-image-filter-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: b3fc1e229fbf5922a33a92131718ad4024b97aa6077506030dc6884381acdfaa nginx-mod-http-image-filter-debuginfo-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: 584a52a063c591ffeb5cf0a7cf4ea802a84377f230f1f347023118bb14534996 nginx-mod-http-perl-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: c1b97995020030986357b0608c8eb7f4c48d1ab0bf4407ce407a08f3e5238d03 nginx-mod-http-perl-debuginfo-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: fee8b945d10f0d49b8a493054ec964d3db008545c98993529f84a29a495a276a nginx-mod-http-xslt-filter-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: c29f521622acb009eafcf68ae5bd48325ed529a75eab5f83839c18c3252ce12d nginx-mod-http-xslt-filter-debuginfo-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: ecd7103860ce365cb190ad240f469be3a4bb94c708a0c0fe84eff04c8e845ce3 nginx-mod-mail-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: d999bb536be407ffe9fc681d565ba241f445c95ca891e0492b256453aff3766a nginx-mod-mail-debuginfo-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: 90e5672efe5449b134f01df3e16310c192b1d2ad5ddfa713994a21fcd7661c34 nginx-mod-stream-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: 59974c3e59ddeb9f580ca1d7b211b42b6581dd0b7ab71a5acb34ae18c46a8814 nginx-mod-stream-debuginfo-1.20.1-24.el9_7.3.ppc64le.rpm SHA-256: 177c090e32be95ada06a65dc01715480d3f01e5bce358d0599eb56541fa1f80f Red Hat Enterprise Linux for ARM 64 9 SRPM nginx-1.20.1-24.el9_7.3.src.rpm SHA-256: a80160207d2192fc5e354c4e4a80f7d10e92660044d1ca7e2622b0859624dbd3 aarch64 nginx-1.20.1-24.el9_7.3.aarch64.rpm SHA-256: 0edf6e206fae94d8afb9b09814c98803f0e2cb289dbb58c403dc74b9d12bba3a nginx-all-modules-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 9600827a36c082cf1227b419854d054ea51de44c663ec369a4710c89ccef5e53 nginx-core-1.20.1-24.el9_7.3.aarch64.rpm SHA-256: 50ff5bb1b51acfc0312cfb9974ea7e61f6c29226a2044588e3eaca3451ae5b9d nginx-core-debuginfo-1.20.1-24.el9_7.3.aarch64.rpm SHA-256: edf85b3fa119f593b084f658dcc2d4d296da5c0d518fbc3bd81c4258edca377d nginx-debuginfo-1.20.1-24.el9_7.3.aarch64.rpm SHA-256: 894269a93eaac1ac137a6713839aea1ed0ce3452c6abdf0d851699e7b3a11b30 nginx-debugsource-1.20.1-24.el9_7.3.aarch64.rpm SHA-256: 4f19e74f5deb6081da928612c3a0ca227e760ec80589a5973d70981edc55a68b nginx-filesystem-1.20.1-24.el9_7.3.noarch.rpm SHA-256: 886440104ebede3045246d6ca5a882fb0752f1971ee29df780d3fbaabd4d4b59 nginx-mod-http-image-filter-1.20.1-24.el9_7.3.aarch64.rpm SHA-256: f82783dab9a6b5f5d2f257b5d92ad54365eb54d4eb21eba46ced78828ac8028e