Red Hat Product Errata RHSA-2026:19372 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19372 - Security Advisory Overview Updated Packages Synopsis Critical: nginx:1.26 security update Type/Severity Security Advisory: Critical Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability CVEs CVE-2026-42945 References https://access.redhat.com/security/updates/classification/#critical Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM nginx-1.26.3-9.module+el9.8.0+24288+e2e6d896.src.rpm SHA-256: d3a395daa088037d3280b8abceca7ff96bdf2ae0c17936f03f5f7841a471e992 x86_64 nginx-all-modules-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 43878ce4b4a52bfaad3ae337a5ac846dcc9158591c4fd0cdf3efd0590af57abb nginx-filesystem-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 98ab16986ca5fc7d3ffbcc348822cd0e8df5e5d30efed2578e1a9066be5d20a6 nginx-all-modules-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 43878ce4b4a52bfaad3ae337a5ac846dcc9158591c4fd0cdf3efd0590af57abb nginx-filesystem-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 98ab16986ca5fc7d3ffbcc348822cd0e8df5e5d30efed2578e1a9066be5d20a6 nginx-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: a68966ff7264b9b0b4d5d499b2ec21e599443e6279bbc17f5f484bc74a0b1ee0 nginx-core-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: b6ae7e1241046d07ee00e36b0fdf72d9515286ee306a1982d647e2aa82989946 nginx-core-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: afe00255290a4700488d72e5c4f94cbe3659eade78d381895bc778bb4bf485ec nginx-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: abb9458fc4150cdbafe4eb7cfd17a99d45f840cad60680cf72e7f2581ec02aa9 nginx-debugsource-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 81f1a988ab3a7fe3e10ab9c983e3fcb906a321eca5e1ba8ebc63bbebff670534 nginx-mod-devel-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: aa7bc4bf67cf20b16bc61ec18ea22b8a230de550806ed59b389dff24a6d09e63 nginx-mod-http-image-filter-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 78eb061aeeb88a773dfa8247981bae5464daf26aa0a182a02fae01873736d346 nginx-mod-http-image-filter-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: fe93bef7c02e3df7b32719d3349cac41818f7aa2874aa2fc4a71961f64713dd7 nginx-mod-http-perl-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: b16afd3dbb795927efd55c4456c59ef65711c8b72dfac69bf8804cda9a17de83 nginx-mod-http-perl-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 7bb6b4d0ba632e37229afb8616fd58f603c251a77129ed3818bb316b5e1aa4a2 nginx-mod-http-xslt-filter-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 9739974a9fcaa994818b6f58c67458b80b9cc31e2707a1e7fdda33764719a5df nginx-mod-http-xslt-filter-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 068a53a0f7bf39e1b7fd60b04f345fe81b321b82ac17e0c68808f144e88d14f2 nginx-mod-mail-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: afd528779263c1f3bc4a283c676b1aabca137301cb159ae4bb2a27bd8226ffcb nginx-mod-mail-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 4a8907614db48607e5036a6c785e39aca7eb43d8b2d2c0ac74ecc3c1a40fc97b nginx-mod-stream-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 82ece6923fcc2bc95dcc58a66ef66bc07dfcf4ac66e5b8db8d0a023c621a33e6 nginx-mod-stream-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: b37ffc6011b6ba7392006bf57ed8955e003e48535654ca4226b2d58d6d188aec nginx-all-modules-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 43878ce4b4a52bfaad3ae337a5ac846dcc9158591c4fd0cdf3efd0590af57abb nginx-filesystem-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 98ab16986ca5fc7d3ffbcc348822cd0e8df5e5d30efed2578e1a9066be5d20a6 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM nginx-1.26.3-9.module+el9.8.0+24288+e2e6d896.src.rpm SHA-256: d3a395daa088037d3280b8abceca7ff96bdf2ae0c17936f03f5f7841a471e992 x86_64 nginx-all-modules-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 43878ce4b4a52bfaad3ae337a5ac846dcc9158591c4fd0cdf3efd0590af57abb nginx-filesystem-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 98ab16986ca5fc7d3ffbcc348822cd0e8df5e5d30efed2578e1a9066be5d20a6 nginx-all-modules-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 43878ce4b4a52bfaad3ae337a5ac846dcc9158591c4fd0cdf3efd0590af57abb nginx-filesystem-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 98ab16986ca5fc7d3ffbcc348822cd0e8df5e5d30efed2578e1a9066be5d20a6 nginx-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: a68966ff7264b9b0b4d5d499b2ec21e599443e6279bbc17f5f484bc74a0b1ee0 nginx-core-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: b6ae7e1241046d07ee00e36b0fdf72d9515286ee306a1982d647e2aa82989946 nginx-core-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: afe00255290a4700488d72e5c4f94cbe3659eade78d381895bc778bb4bf485ec nginx-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: abb9458fc4150cdbafe4eb7cfd17a99d45f840cad60680cf72e7f2581ec02aa9 nginx-debugsource-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 81f1a988ab3a7fe3e10ab9c983e3fcb906a321eca5e1ba8ebc63bbebff670534 nginx-mod-devel-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: aa7bc4bf67cf20b16bc61ec18ea22b8a230de550806ed59b389dff24a6d09e63 nginx-mod-http-image-filter-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 78eb061aeeb88a773dfa8247981bae5464daf26aa0a182a02fae01873736d346 nginx-mod-http-image-filter-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: fe93bef7c02e3df7b32719d3349cac41818f7aa2874aa2fc4a71961f64713dd7 nginx-mod-http-perl-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: b16afd3dbb795927efd55c4456c59ef65711c8b72dfac69bf8804cda9a17de83 nginx-mod-http-perl-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 7bb6b4d0ba632e37229afb8616fd58f603c251a77129ed3818bb316b5e1aa4a2 nginx-mod-http-xslt-filter-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 9739974a9fcaa994818b6f58c67458b80b9cc31e2707a1e7fdda33764719a5df nginx-mod-http-xslt-filter-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 068a53a0f7bf39e1b7fd60b04f345fe81b321b82ac17e0c68808f144e88d14f2 nginx-mod-mail-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: afd528779263c1f3bc4a283c676b1aabca137301cb159ae4bb2a27bd8226ffcb nginx-mod-mail-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 4a8907614db48607e5036a6c785e39aca7eb43d8b2d2c0ac74ecc3c1a40fc97b nginx-mod-stream-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: 82ece6923fcc2bc95dcc58a66ef66bc07dfcf4ac66e5b8db8d0a023c621a33e6 nginx-mod-stream-debuginfo-1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64.rpm SHA-256: b37ffc6011b6ba7392006bf57ed8955e003e48535654ca4226b2d58d6d188aec nginx-all-modules-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 43878ce4b4a52bfaad3ae337a5ac846dcc9158591c4fd0cdf3efd0590af57abb nginx-filesystem-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 98ab16986ca5fc7d3ffbcc348822cd0e8df5e5d30efed2578e1a9066be5d20a6 Red Hat Enterprise Linux for IBM z Systems 9 SRPM nginx-1.26.3-9.module+el9.8.0+24288+e2e6d896.src.rpm SHA-256: d3a395daa088037d3280b8abceca7ff96bdf2ae0c17936f03f5f7841a471e992 s390x nginx-all-modules-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 43878ce4b4a52bfaad3ae337a5ac846dcc9158591c4fd0cdf3efd0590af57abb nginx-filesystem-1.26.3-9.module+el9.8.0+24288+e2e6d896.noarch.rpm SHA-256: 98ab16986ca5fc7d3ffbcc348822cd0e8df5e5d30efed2578e1a9066be5d20a6 nginx-all-modules-1.26.3-9.module+el