Red Hat Product Errata RHSA-2026:19159 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19159 - Security Advisory Overview Updated Packages Synopsis Critical: nginx security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM nginx-1.26.3-6.el10_2.3.src.rpm SHA-256: a4e54e69a622576163bedc98adb49bd711d93b28ee4f23867cea35e5b2cba235 x86_64 nginx-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 434a7226b6e2e6852ebe400e0f0a47fd0990b9983457f1503468933b40ac62cc nginx-all-modules-1.26.3-6.el10_2.3.noarch.rpm SHA-256: f2c0582d53c0506c8383e03f42cde380d1ad1e1cc850aa191be3066d4f009a7a nginx-core-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 4d17fa2de10a4fc2d4592f8be27b550136262ea26a8b59e5fcf51e690ce01043 nginx-core-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 2c12f59e3500df730c87c0754841d0cfccde4c94926df27d8d9c7ca9cedecacb nginx-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 20e04e4a7624c180e8da9ce6017ab97b52df1e28b024b27e4044dc0eb936ada3 nginx-debugsource-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: a3d13a6714fb6fca898d89a906f55486c61c9943d403e6da08d4abf826a78c7a nginx-filesystem-1.26.3-6.el10_2.3.noarch.rpm SHA-256: cbb5077c8f581a8c536d691a8247e296a05784dd58cccee472729c8e82f25ded nginx-mod-http-image-filter-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 2495b0be20a64d93df1064d472a578df0871c2e8163ca25987986f2d5496f2c2 nginx-mod-http-image-filter-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 081f3a559b1a171b370649cd6db4570d33b528391b79dc62f34f5dfbf098683e nginx-mod-http-perl-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 9db7ec23b4cbf0887218ed115695faf9988251e1a5c24a8939d68977734fc2f3 nginx-mod-http-perl-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: af67a6981fcbc395155d429a518e12720b81fe081c92ffaa53e178e67ca78049 nginx-mod-http-xslt-filter-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 2446db5c674e1573932a463a7caa863f4c92c1464610f3537a16e869d8a064c5 nginx-mod-http-xslt-filter-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: b02f8d7336a02ec7ab946d184ae478962992c2ee4a8761b2cd6520323d4ad43c nginx-mod-mail-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 15b4d8b3e7c4aa02897eae7b52c1e238405ef3869bfd1f500d238ee64f33a07e nginx-mod-mail-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 7ef42ebe57c6da4540ca72ae2ded60a21b2cc0932bf4a14fa2416f233fb74188 nginx-mod-stream-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 73cd749964ddefe83f58399bdbdb2ba154f614f4817908cd0576644a91473877 nginx-mod-stream-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: e2505188f4ce09183f5cc7f708d9fcf682cd3ff356285ea216671e67d1b47049 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM nginx-1.26.3-6.el10_2.3.src.rpm SHA-256: a4e54e69a622576163bedc98adb49bd711d93b28ee4f23867cea35e5b2cba235 x86_64 nginx-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 434a7226b6e2e6852ebe400e0f0a47fd0990b9983457f1503468933b40ac62cc nginx-all-modules-1.26.3-6.el10_2.3.noarch.rpm SHA-256: f2c0582d53c0506c8383e03f42cde380d1ad1e1cc850aa191be3066d4f009a7a nginx-core-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 4d17fa2de10a4fc2d4592f8be27b550136262ea26a8b59e5fcf51e690ce01043 nginx-core-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 2c12f59e3500df730c87c0754841d0cfccde4c94926df27d8d9c7ca9cedecacb nginx-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 20e04e4a7624c180e8da9ce6017ab97b52df1e28b024b27e4044dc0eb936ada3 nginx-debugsource-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: a3d13a6714fb6fca898d89a906f55486c61c9943d403e6da08d4abf826a78c7a nginx-filesystem-1.26.3-6.el10_2.3.noarch.rpm SHA-256: cbb5077c8f581a8c536d691a8247e296a05784dd58cccee472729c8e82f25ded nginx-mod-http-image-filter-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 2495b0be20a64d93df1064d472a578df0871c2e8163ca25987986f2d5496f2c2 nginx-mod-http-image-filter-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 081f3a559b1a171b370649cd6db4570d33b528391b79dc62f34f5dfbf098683e nginx-mod-http-perl-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 9db7ec23b4cbf0887218ed115695faf9988251e1a5c24a8939d68977734fc2f3 nginx-mod-http-perl-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: af67a6981fcbc395155d429a518e12720b81fe081c92ffaa53e178e67ca78049 nginx-mod-http-xslt-filter-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 2446db5c674e1573932a463a7caa863f4c92c1464610f3537a16e869d8a064c5 nginx-mod-http-xslt-filter-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: b02f8d7336a02ec7ab946d184ae478962992c2ee4a8761b2cd6520323d4ad43c nginx-mod-mail-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 15b4d8b3e7c4aa02897eae7b52c1e238405ef3869bfd1f500d238ee64f33a07e nginx-mod-mail-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 7ef42ebe57c6da4540ca72ae2ded60a21b2cc0932bf4a14fa2416f233fb74188 nginx-mod-stream-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: 73cd749964ddefe83f58399bdbdb2ba154f614f4817908cd0576644a91473877 nginx-mod-stream-debuginfo-1.26.3-6.el10_2.3.x86_64.rpm SHA-256: e2505188f4ce09183f5cc7f708d9fcf682cd3ff356285ea216671e67d1b47049 Red Hat Enterprise Linux for IBM z Systems 10 SRPM nginx-1.26.3-6.el10_2.3.src.rpm SHA-256: a4e54e69a622576163bedc98adb49bd711d93b28ee4f23867cea35e5b2cba235 s390x nginx-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 78a598a0e9c097ee3f3cccd98882a5014252ab81b5f7ffbd76033ab6346f06c5 nginx-all-modules-1.26.3-6.el10_2.3.noarch.rpm SHA-256: f2c0582d53c0506c8383e03f42cde380d1ad1e1cc850aa191be3066d4f009a7a nginx-core-1.26.3-6.el10_2.3.s390x.rpm SHA-256: af9ebba681cde7f43a0c2ab96a3ecdfd1fccaecf2b6377362ca41172f9ada56c nginx-core-debuginfo-1.26.3-6.el10_2.3.s390x.rpm SHA-256: de9b3ba640583b8eb782e24e786c1a72fc1bf794007c4c58d2c6b0ca6d422b01 nginx-debuginfo-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 6694004e1ec2cfce805135fcdab0bb6ecf35453fc875f8559829a14fac07357e nginx-debugsource-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 001df6119ae8345bfcc0bc51156654fc4e5e07ee641dafff32b0fd8dfbf74694 nginx-filesystem-1.26.3-6.el10_2.3.noarch.rpm SHA-256: cbb5077c8f581a8c536d691a8247e296a05784dd58cccee472729c8e82f25ded nginx-mod-http-image-filter-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 74e71c11d94d604c0f705a5afaf21a0c2ee79b3a7f267c6ca2d99767a6613f1a nginx-mod-http-image-filter-debuginfo-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 3c5c12694b9bb7daa1dc3e349b9aa3daeaea9d03dbb4a894b6ce0868f4e0c6d8 nginx-mod-http-perl-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 0af85b917af92f0af35304c14ea832c7420ed783c5d6df5654e6283cfd8754f9 nginx-mod-http-perl-debuginfo-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 57c920cde547c8e5ac74b4b0590bbe6e28ac21ea8608d527d9aeaa08e809c4ee nginx-mod-http-xslt-filter-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 09578e22fa1158c4c5cce356b789fc0703130e48389cdcf129a7e127892a1c96 nginx-mod-http-xslt-filter-debuginfo-1.26.3-6.el10_2.3.s390x.rpm SHA-256: d173732b9828ffd023a7d75728b563e4aab05178b8e4ae92c1983d053d7f92fe nginx-mod-mail-1.26.3-6.el10_2.3.s390x.rpm SHA-256: c28b5242a7509b61582a69a84464f9893b7d1bbdbbbb28fdc8c22aa87d6602fa nginx-mod-mail-debuginfo-1.26.3-6.el10_2.3.s390x.rpm SHA-256: e37361d420b67e2ed0d13e7d26aa0a54995f7774b093b0f1d7f88f2e6db3a94e nginx-mod-stream-1.26.3-6.el10_2.3.s390x.rpm SHA-256: 4a59ff2461efbe8c67eef73911ada295892618a36