Red Hat Product Errata RHSA-2026:19374 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19374 - Security Advisory Overview Updated Packages Synopsis Critical: nginx security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for nginx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM nginx-1.20.1-28.el9_8.2.src.rpm SHA-256: 5ec986740390ce5fd810d8300dadddd53394aa2ad2e8c39b76424780752600be x86_64 nginx-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 648dd83896e35df8bb5cbfa40f6e4924933eae72be186a9193b679badb6e5f96 nginx-all-modules-1.20.1-28.el9_8.2.noarch.rpm SHA-256: 6e4b139f75107d5f47969c1b989d30b41d31197c8928bb06a3653b92d4aae002 nginx-core-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: ede6775e755a9129a2e40d3de494981dc6d8c0c80cb7ddc0cee9cf2c856cb5dc nginx-core-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 87943b36c2de79e232e0c7c772749089a70d0b689e17fa60c588103be55e3fba nginx-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 3acfd7e72b9cc46f4bcd233880a48a39b3f7ef171470da5a958e92eecf836f5e nginx-debugsource-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 2ac0f51068035d81caf09270c4046c4af174faf19c510702c1a640e41c624185 nginx-filesystem-1.20.1-28.el9_8.2.noarch.rpm SHA-256: 5199f3b402a9c1adb81b378950fa149799eeca049648e6d438b5840f2a732ba4 nginx-mod-http-image-filter-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 77610bb7574dfe8fc0a36b7211be8f79c09442a3f4601e23b7dc3170403c409c nginx-mod-http-image-filter-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: ab35f51a38d191354e719c7826a5a8057da39cadbd27824c7de9af785f022a77 nginx-mod-http-perl-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 8b77781bf5e0ca6934edc7f6c19175bb1391e6605a600955e3ba283133971b87 nginx-mod-http-perl-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 20a1750737fb94fde7e23bdf28dfa39eece47b270d00b3d9fdcd957f45e1efe5 nginx-mod-http-xslt-filter-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: ca6c76576f726aa10b86a34cf3123952a176a29f6e1f941ca85a79b57bdf1b7c nginx-mod-http-xslt-filter-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 92933c91b26cfe1173c678bbde0b42d0dd0040aff8888e1c07c4094923e73258 nginx-mod-mail-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: dc08f47b64b43c5c9563fecdab1d3e2bf3955f5366133515582855c4de7425ad nginx-mod-mail-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: a335aeb27e9bfe3fc7580f7b890f010e071f6a3751c85a1878c4127d88b622aa nginx-mod-stream-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: a60b2ff6fc0485f5daddfb8b8d9321af8d899252d46187e377d221ba27d2aaf0 nginx-mod-stream-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 7c8eee8630fa529bf0e1c1514be309c3e73005f76a910887d77c04aa8375f358 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM nginx-1.20.1-28.el9_8.2.src.rpm SHA-256: 5ec986740390ce5fd810d8300dadddd53394aa2ad2e8c39b76424780752600be x86_64 nginx-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 648dd83896e35df8bb5cbfa40f6e4924933eae72be186a9193b679badb6e5f96 nginx-all-modules-1.20.1-28.el9_8.2.noarch.rpm SHA-256: 6e4b139f75107d5f47969c1b989d30b41d31197c8928bb06a3653b92d4aae002 nginx-core-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: ede6775e755a9129a2e40d3de494981dc6d8c0c80cb7ddc0cee9cf2c856cb5dc nginx-core-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 87943b36c2de79e232e0c7c772749089a70d0b689e17fa60c588103be55e3fba nginx-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 3acfd7e72b9cc46f4bcd233880a48a39b3f7ef171470da5a958e92eecf836f5e nginx-debugsource-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 2ac0f51068035d81caf09270c4046c4af174faf19c510702c1a640e41c624185 nginx-filesystem-1.20.1-28.el9_8.2.noarch.rpm SHA-256: 5199f3b402a9c1adb81b378950fa149799eeca049648e6d438b5840f2a732ba4 nginx-mod-http-image-filter-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 77610bb7574dfe8fc0a36b7211be8f79c09442a3f4601e23b7dc3170403c409c nginx-mod-http-image-filter-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: ab35f51a38d191354e719c7826a5a8057da39cadbd27824c7de9af785f022a77 nginx-mod-http-perl-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 8b77781bf5e0ca6934edc7f6c19175bb1391e6605a600955e3ba283133971b87 nginx-mod-http-perl-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 20a1750737fb94fde7e23bdf28dfa39eece47b270d00b3d9fdcd957f45e1efe5 nginx-mod-http-xslt-filter-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: ca6c76576f726aa10b86a34cf3123952a176a29f6e1f941ca85a79b57bdf1b7c nginx-mod-http-xslt-filter-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 92933c91b26cfe1173c678bbde0b42d0dd0040aff8888e1c07c4094923e73258 nginx-mod-mail-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: dc08f47b64b43c5c9563fecdab1d3e2bf3955f5366133515582855c4de7425ad nginx-mod-mail-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: a335aeb27e9bfe3fc7580f7b890f010e071f6a3751c85a1878c4127d88b622aa nginx-mod-stream-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: a60b2ff6fc0485f5daddfb8b8d9321af8d899252d46187e377d221ba27d2aaf0 nginx-mod-stream-debuginfo-1.20.1-28.el9_8.2.x86_64.rpm SHA-256: 7c8eee8630fa529bf0e1c1514be309c3e73005f76a910887d77c04aa8375f358 Red Hat Enterprise Linux for IBM z Systems 9 SRPM nginx-1.20.1-28.el9_8.2.src.rpm SHA-256: 5ec986740390ce5fd810d8300dadddd53394aa2ad2e8c39b76424780752600be s390x nginx-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 77c49327b508da02dc7ecede48308d7c3f1045289f3bf652e1145314452cba42 nginx-all-modules-1.20.1-28.el9_8.2.noarch.rpm SHA-256: 6e4b139f75107d5f47969c1b989d30b41d31197c8928bb06a3653b92d4aae002 nginx-core-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 7b8dc2ad8effafa00e9b5d95c8582a73eed5423ab1cb0917cb7d58cb8467f8ed nginx-core-debuginfo-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 79b3695bfe9efc03a76dc6bc941dc945fdcf07f7fb8d0ac000ee61edede200d9 nginx-debuginfo-1.20.1-28.el9_8.2.s390x.rpm SHA-256: a0d54e6f429da0971f7a203f7ea6f546fb224b7d1a4ef58ddb3635b49255e1b1 nginx-debugsource-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 48b710d0a112e1ef40305552da7680883b7be6cce681ff06cd651fd3490b3fde nginx-filesystem-1.20.1-28.el9_8.2.noarch.rpm SHA-256: 5199f3b402a9c1adb81b378950fa149799eeca049648e6d438b5840f2a732ba4 nginx-mod-http-image-filter-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 9802c16e9e3bfaf4373c8a067516ff3a901116feb0e24dc436236e084c3201da nginx-mod-http-image-filter-debuginfo-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 836539dc88305af29c559e0fe544fdfaf12b812de139443c88a5a61a904674b4 nginx-mod-http-perl-1.20.1-28.el9_8.2.s390x.rpm SHA-256: cf51a1bdb4ce00d8f8254148fe2494f5f94858aaa044df97e81e985b5f63786d nginx-mod-http-perl-debuginfo-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 65895d9381172e3c1753345e809022e3c99a7fa2a72737f5653b720e522fc765 nginx-mod-http-xslt-filter-1.20.1-28.el9_8.2.s390x.rpm SHA-256: c22627308ff8f3dd7c7d01203e2dec19ccec561bf9cf1b9c2003c493d76fd807 nginx-mod-http-xslt-filter-debuginfo-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 84910c79735f4bbb0966cc17acd9ce558bd00c6d71e2f07f6383d76c8e5004a6 nginx-mod-mail-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 37636998da0ad2a877555aaf3ee978777be4732bda1d894e3ec80f0c3ab83223 nginx-mod-mail-debuginfo-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 03e7b550520c948da1bf0b1a3489528597db103c1499f2fdedf83108b9f53144 nginx-mod-stream-1.20.1-28.el9_8.2.s390x.rpm SHA-256: 73e8d2899692531552130b1a16a441e4916674625119