Red Hat Product Errata
RHSA-2026:19371 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Critical: nginx:1.24 security update

Type/Severity
Security Advisory: Critical

Topic
An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):
nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes
BZ - 2477116 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability

CVEs
CVE-2026-42945

References
https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available.

A critical arbitrary code execution vulnerability (CVE-2026-42945, CVSS 8.1 HIGH) affects the nginx:1.24 module for Red Hat Enterprise Linux 9. The Red Hat security advisory, rated Critical, provides updated packages to remediate the issue. Affected systems should be patched immediately using the provided errata.