VDB
RHSA-2026%3A8546
RHSA-2026%3A8546
PUBLISHED
CVSS 7.5 HIGH
An update for nghttp2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nghttp2 | ||
| Red Hat Enterprise Linux BaseOS E4S (v.9.0) | ||
| libnghttp2 |
Exploit Intelligence
- https://access.redhat.com/errata/RHSA-2026:8546 (circl)
- https://access.redhat.com/security/updates/classification/#important (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=2448754 (circl)
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8546.json (circl)
- UBUNTU-CVE-2026-27135.json (github-poc)
- UBUNTU-CVE-2026-27135.json (github-poc)
- UBUNTU-CVE-2026-27135.json (github-poc)
- sbom_nghttp2.yml (github-poc)
- sbom_nghttp2.yml (github-poc)
- sbom_nghttp2.yml (github-poc)
…and 21 more exploits
Timeline
- Apr 16, 2026 CVE Published
- Apr 23, 2026 CVE Updated
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- May 1, 2026 Security Advisory