Red Hat Product Errata RHSA-2026:18041 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18041 - Security Advisory Overview Updated Packages Synopsis Critical: nginx:1.24 security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM nginx-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.src.rpm SHA-256: 17c928e87cd152a29c87c486eb21d44735956d841c235d9375a319757841aef0 x86_64 nginx-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 16e7aabe5486beff056b6b04c3536764f4497db48af18565894c6b25df831a79 nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: f3bb1e7e8cde67410d37809312b89fd16217012a3220afdf2f29288cfb359e86 nginx-debugsource-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 154e418c94e2c9edd52613fdacdea5d78455a8cb2354307f36acb0b6b6f49d2d nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 nginx-mod-devel-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 78d8b33edd42af3323f755169e239c063057cdfbde3d6e17c6acc09ef9ed6b9b nginx-mod-http-image-filter-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 0b2288ab7a588229b7b74fcd17a17bd369a1b1cd59f6c976c403857e948e79dc nginx-mod-http-image-filter-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: a8dbd70867b6fd8398294e8fe3d7d2a1db75bfeeef07597c9ed98c392bf0d91d nginx-mod-http-perl-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 6f0518672b192754dc7694802f395e033182139a4dbf98cb7b877e0d621f4c64 nginx-mod-http-perl-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 8c8e8f0f0bb74488b53225661fa5495aca0e21b34d0245e27a8f6e175b454706 nginx-mod-http-xslt-filter-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 5d16a1e3f5a9bf288cbc129371c15536bd06f50a5876a51144fb06885c7869b2 nginx-mod-http-xslt-filter-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 06e980a8c5b3055a129c6aa637119e07f8bbe47c58b66010006a02027d428910 nginx-mod-mail-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: cc9a58201af14b854cc289ad0bc506d327c2046a9f5764e088b2ca7348746f5a nginx-mod-mail-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 615150dfeb6f9d66af6b891b84b6b4e5b4a96d887104d90bbcd41a655d496b8e nginx-mod-stream-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 7bb122057ae6110ff89579ead347bf21104c542c9a7d3fdb2c7129c2fd0f2a71 nginx-mod-stream-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.x86_64.rpm SHA-256: 5048fc8331157c2368e89c3a64f8e8a2c32bb4c5e68aec1e25d8ed471c535393 nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 Red Hat Enterprise Linux for IBM z Systems 8 SRPM nginx-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.src.rpm SHA-256: 17c928e87cd152a29c87c486eb21d44735956d841c235d9375a319757841aef0 s390x nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 nginx-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: 97f58a0207a3a2868f09f95d469ae702bed46941b69bd741b03d0008c3c2e2ab nginx-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: b7ae653532668511d9b94a46fb46ab605d54c17d018d038f6e06509e26faa987 nginx-debugsource-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: c62c65b35c531e3cc9056730223a79ecf1728383178a04aaabf16c02b1203e17 nginx-mod-devel-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: d80469fe7e6518df67908f48c18b133168030887094247bc7561b00a83814001 nginx-mod-http-image-filter-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: 6e5250a3299fe575e58b341fbdf90573e67557c7f97b60a71c8281595cfa769e nginx-mod-http-image-filter-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: fdda0d7655ad023ad5e00ca8650d6a598075b50681485956557f5bd2b6c74faa nginx-mod-http-perl-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: 3759d3803bba1e600584a8039a5b27d4903aec0e88f37d5fc1fcf4a781e29ab1 nginx-mod-http-perl-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: c60c1520f1e9ebb2b723dd5265afee705ee10cba71512229eb5caba28ea98600 nginx-mod-http-xslt-filter-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: 99cc04213eaff4a5bd271bf68dd0c73e89471d29d63724c935f56b17e2270a04 nginx-mod-http-xslt-filter-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: cb869139aba0a886bafdbbc2d18218de83ebb55c5723e05ae33d159c5f0e72cd nginx-mod-mail-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: 893e9996f8c1db8b11e22b904fffc82a84942c7c704136789fa9ab4fec557864 nginx-mod-mail-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: 64d0a2db3b3b4e735c07a9e365c874b4c0e6b6c2174f7f4e3e020efb392551d5 nginx-mod-stream-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: c28fa605715c87179661a42c10e63f318f3626d32be2c4409f21344c3fcdbd09 nginx-mod-stream-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.s390x.rpm SHA-256: 257284abb01ebc983376b3f38f4917e19862e4a81e930b7642d73c78b09f2308 nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 Red Hat Enterprise Linux for Power, little endian 8 SRPM nginx-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.src.rpm SHA-256: 17c928e87cd152a29c87c486eb21d44735956d841c235d9375a319757841aef0 ppc64le nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 nginx-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.ppc64le.rpm SHA-256: a794b9938833ba85f0a58cfa6724cdf7dd02c6a213af6ba163cebdca840a7dda nginx-all-modules-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 471ad9c67bb2f8266b9ac6f6e09496857a8c11403e3c0ecdd384b547ae94e6d1 nginx-debuginfo-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.ppc64le.rpm SHA-256: 7e9d6ebcf79cc48c89a4f5b4977dbb9989fe90eb306eb756394b8894b7325a4b nginx-debugsource-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.ppc64le.rpm SHA-256: 70cba018e4a7e97bcd28ad9f39a50a36b8b97d94443ae0805f06955d33d43128 nginx-filesystem-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.noarch.rpm SHA-256: 763a7210244822a7238c68945552fb2c1c83f3b9a3d18bb2c87e3855721b9975 nginx-mod-devel-1.24.0-3.module+el8.10.0+24290+dc7f88b5.1.ppc64le.rpm SHA-256: 2ef022915dd53f8d12d90e50324f03ce6d3d