Red Hat Product Errata RHSA-2026:8540 - Security Advisory
Issued:
2026-04-16
Updated:
2026-04-16

RHSA-2026:8540 - Security Advisory

Synopsis

Important: nghttp2 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

  • nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2448754 - CVE-2026-27135 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
nghttp2-1.33.0-5.el8_8.2.src.rpm SHA-256: 70986cae845c31b6016396275a89cce5e3f2d25b2481160e321dafc3bb2d61aa
x86_64
libnghttp2-1.33.0-5.el8_8.2.i686.rpm SHA-256: 9e71abbc48472a4952649c5a91d14c7a742511509b3a2e5a4032498aabbd98c0
libnghttp2-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: 63bf2ca959f88e6fe9c019e8a9698b2cf4e3247ff7683ef650fd80e0258d2cf0
libnghttp2-debuginfo-1.33.0-5.el8_8.2.i686.rpm SHA-256: 83021eecd30e5efe0feb9e602f1475677d62fe27e52cd26d643a950ca119f6ab
libnghttp2-debuginfo-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: b0ff39ee53389276011955b9a86c393de321ac779780ad38ddf44e0c98b4c6b4
nghttp2-debuginfo-1.33.0-5.el8_8.2.i686.rpm SHA-256: fda6b4b0bd0b231a77c2b4b4a1539d3795a98021f06ebbc25cac08c9c0a681ca
nghttp2-debuginfo-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: b4e0bd33bc0a958186a502ea14484fee5ab9bb64735b2326822690599947940e
nghttp2-debugsource-1.33.0-5.el8_8.2.i686.rpm SHA-256: e45cec3305321854cb1063c695d06cf9bbe6ede4e9de539d325e7591142b6163
nghttp2-debugsource-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: 24ab479eaabd59a98ae0e74ec7ebf0763869669ef79e005cdb44d48e46c1e5b7

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
nghttp2-1.33.0-5.el8_8.2.src.rpm SHA-256: 70986cae845c31b6016396275a89cce5e3f2d25b2481160e321dafc3bb2d61aa
x86_64
libnghttp2-1.33.0-5.el8_8.2.i686.rpm SHA-256: 9e71abbc48472a4952649c5a91d14c7a742511509b3a2e5a4032498aabbd98c0
libnghttp2-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: 63bf2ca959f88e6fe9c019e8a9698b2cf4e3247ff7683ef650fd80e0258d2cf0
libnghttp2-debuginfo-1.33.0-5.el8_8.2.i686.rpm SHA-256: 83021eecd30e5efe0feb9e602f1475677d62fe27e52cd26d643a950ca119f6ab
libnghttp2-debuginfo-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: b0ff39ee53389276011955b9a86c393de321ac779780ad38ddf44e0c98b4c6b4
nghttp2-debuginfo-1.33.0-5.el8_8.2.i686.rpm SHA-256: fda6b4b0bd0b231a77c2b4b4a1539d3795a98021f06ebbc25cac08c9c0a681ca
nghttp2-debuginfo-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: b4e0bd33bc0a958186a502ea14484fee5ab9bb64735b2326822690599947940e
nghttp2-debugsource-1.33.0-5.el8_8.2.i686.rpm SHA-256: e45cec3305321854cb1063c695d06cf9bbe6ede4e9de539d325e7591142b6163
nghttp2-debugsource-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: 24ab479eaabd59a98ae0e74ec7ebf0763869669ef79e005cdb44d48e46c1e5b7

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
nghttp2-1.33.0-5.el8_8.2.src.rpm SHA-256: 70986cae845c31b6016396275a89cce5e3f2d25b2481160e321dafc3bb2d61aa
ppc64le
libnghttp2-1.33.0-5.el8_8.2.ppc64le.rpm SHA-256: de3abf097b9acaac0ce5e7d7fe14782174342fbb10beb417964f4f3408a70bc5
libnghttp2-debuginfo-1.33.0-5.el8_8.2.ppc64le.rpm SHA-256: 43ec65abcc5c6f64454f23552f836ad6516c9d431cad62d3a1f73ceb40f32d98
nghttp2-debuginfo-1.33.0-5.el8_8.2.ppc64le.rpm SHA-256: afbc1240b14364d89d0026bd371cf32a9c09c17d40be71f9a675f1b1b6e1bf17
nghttp2-debugsource-1.33.0-5.el8_8.2.ppc64le.rpm SHA-256: 01382d0216cc6b3412b5c4de77cffea9b17fb8e902c3f8d771902aee25aaa53e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
nghttp2-1.33.0-5.el8_8.2.src.rpm SHA-256: 70986cae845c31b6016396275a89cce5e3f2d25b2481160e321dafc3bb2d61aa
x86_64
libnghttp2-1.33.0-5.el8_8.2.i686.rpm SHA-256: 9e71abbc48472a4952649c5a91d14c7a742511509b3a2e5a4032498aabbd98c0
libnghttp2-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: 63bf2ca959f88e6fe9c019e8a9698b2cf4e3247ff7683ef650fd80e0258d2cf0
libnghttp2-debuginfo-1.33.0-5.el8_8.2.i686.rpm SHA-256: 83021eecd30e5efe0feb9e602f1475677d62fe27e52cd26d643a950ca119f6ab
libnghttp2-debuginfo-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: b0ff39ee53389276011955b9a86c393de321ac779780ad38ddf44e0c98b4c6b4
nghttp2-debuginfo-1.33.0-5.el8_8.2.i686.rpm SHA-256: fda6b4b0bd0b231a77c2b4b4a1539d3795a98021f06ebbc25cac08c9c0a681ca
nghttp2-debuginfo-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: b4e0bd33bc0a958186a502ea14484fee5ab9bb64735b2326822690599947940e
nghttp2-debugsource-1.33.0-5.el8_8.2.i686.rpm SHA-256: e45cec3305321854cb1063c695d06cf9bbe6ede4e9de539d325e7591142b6163
nghttp2-debugsource-1.33.0-5.el8_8.2.x86_64.rpm SHA-256: 24ab479eaabd59a98ae0e74ec7ebf0763869669ef79e005cdb44d48e46c1e5b7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.