Issued:: 2026-04-16
Updated:: 2026-04-16

RHSA-2026:8541 - Security Advisory

Overview
Updated Packages

Synopsis

Important: nghttp2 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2448754 - CVE-2026-27135 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

CVEs

CVE-2026-27135

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
nghttp2-1.33.0-3.el8_2.4.src.rpm	SHA-256: 5dc4e518bbf929dccff0813e9a7e61b360605d655e92843da64672f3b31e98b8
x86_64
libnghttp2-1.33.0-3.el8_2.4.i686.rpm	SHA-256: 72e27c3828566f2d4b55e08499583adb0422ba4eedfc2dd6edf827630350415c
libnghttp2-1.33.0-3.el8_2.4.x86_64.rpm	SHA-256: ca7e614d725c4c56591d4a7941f14b1265863e12189dd859e77ff2a896208175
libnghttp2-debuginfo-1.33.0-3.el8_2.4.i686.rpm	SHA-256: 7c7ecf74acc244a4f3f314e741d7ecf30083d350873344c7221e5b377a373fa7
libnghttp2-debuginfo-1.33.0-3.el8_2.4.x86_64.rpm	SHA-256: e0b8f47293013089c1474bd397904c6063d3c1a353a154923ffb3394c56aecf3
nghttp2-debuginfo-1.33.0-3.el8_2.4.i686.rpm	SHA-256: 4b3b62886cbc8fad6fd8924692359e19b7eb33436c053f72979e7a6969d91f55
nghttp2-debuginfo-1.33.0-3.el8_2.4.x86_64.rpm	SHA-256: 03ae44fb5e00a49f784897abd33a9eff70dcda8fd41eb228d8ac789db4ea71c5
nghttp2-debugsource-1.33.0-3.el8_2.4.i686.rpm	SHA-256: 353b274f46fce358d172d0aa2ea00f980944158c457da7b41059387138c7ae33
nghttp2-debugsource-1.33.0-3.el8_2.4.x86_64.rpm	SHA-256: be96bb01e247549e86d4b46fe4228da035e26216e50c807c69d3181f88207bf5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation