VDB
SUSE-SU-2026%3A1350-1
SUSE-SU-2026%3A1350-1
PUBLISHED
CVSS 7.5 HIGH
This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libnghttp2 | ||
| python3 | ||
| nghttp2 | ||
| libnghttp2_asio1 | ||
| libnghttp2_asio |
Timeline
- Apr 15, 2026 CVE Published
References
- https://www.suse.com/support/security/rating/ url
- https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1350-1.json advisory
- https://www.suse.com/support/update/announcement/2026/suse-su-20261350-1/ advisory
- https://lists.suse.com/pipermail/sle-updates/2026-April/045565.html advisory
- https://bugzilla.suse.com/1259845 advisory
- https://www.suse.com/security/cve/CVE-2026-27135/ advisory