VDB

RHSA-2026%3A19372

RHSA-2026%3A19372 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution if Address Space Layout Randomization (ASLR), a security technique to prevent exploitation, is disabled. Otherwise, this flaw causes a denial of service due to a restart of the NGINX worker process.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatnginx-mod-devel-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-debugsource-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.ppc64le (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-stream-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.s390x (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-mail-debuginfo-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.ppc64le (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-http-image-filter-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.s390x (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-http-perl-debuginfo-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.s390x (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-core-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.s390x (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-http-image-filter-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-mail-debuginfo-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-debuginfo-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.ppc64le (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-debugsource-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-core-debuginfo-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-debugsource-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-http-xslt-filter-debuginfo-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-stream-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-mail-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-http-xslt-filter-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.aarch64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-mail-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module
Red Hatnginx-mod-stream-debuginfo-2:1.26.3-9.module+el9.8.0+24288+e2e6d896.x86_64 (nginx:1.26) as a component of Red Hat Enterprise Linux AppStream (v. 9)1.26.3-9.module

…and 47 more

Timeline

  • May 19, 2026 CVE Published
  • Jun 23, 2026 CVE Updated
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›