Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Nginx 1.24 Security Update for Potential Remote Code Execution

RHSA-2026:17752

Summary

A security update is available for Nginx 1.24 to fix a potential vulnerability that could allow an attacker to execute malicious code on a server. This update is crucial for servers running Nginx to prevent unauthorized access and data breaches. IT teams should apply the update as soon as possible to ensure the security of their systems.

What to do

Update redhat nginx to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-all-modules to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-core to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-core-debuginfo to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-debuginfo to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-debugsource to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-filesystem to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-devel to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-http-image-filter to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-http-image-filter-debuginfo to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-http-perl to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-http-perl-debuginfo to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-http-xslt-filter to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-http-xslt-filter-debuginfo to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-mail to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-mail-debuginfo to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-stream to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.
Update redhat nginx-mod-stream-debuginfo to version 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3.

Affected software

Ecosystem	Vendor	Product	Affected versions
Red Hat:rhel_eus:9.6::appstream	redhat	nginx	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-all-modules	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-core	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-core-debuginfo	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-debuginfo	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-debugsource	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-filesystem	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-devel	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-http-image-filter	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-http-image-filter-debuginfo	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-http-perl	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-http-perl-debuginfo	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-http-xslt-filter	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-http-xslt-filter-debuginfo	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-mail	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-mail-debuginfo	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-stream	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3
Red Hat:rhel_eus:9.6::appstream	redhat	nginx-mod-stream-debuginfo	< 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3 Fix: upgrade to 1:1.24.0-4.module+el9.6.0+24297+b3b39a7f.3

Original title

Red Hat Security Advisory: nginx:1.24 security update

osv CVSS3.1 8.1

https://access.redhat.com/errata/RHSA-2026:17752 Vendor Advisory
https://access.redhat.com/security/updates/classification/#critical Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2477116 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_17752.... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-42945 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-42945 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-42945 Vendor Advisory
https://depthfirst.com/nginx-rift Third Party Advisory
https://my.f5.com/manage/s/article/K000161019 Third Party Advisory

Published: 16 May 2026 · Updated: 21 May 2026 · First seen: 21 May 2026