Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Nginx: Unauthenticated Access to Sensitive Configuration Files
RHSA-2026:17792
Summary
Nginx servers are affected by a security issue that allows unauthorized access to sensitive configuration files. This could allow attackers to gain information about the server's setup and potentially exploit other vulnerabilities. To fix this issue, update your Nginx software to the latest version.
What to do
- Update redhat nginx to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-all-modules to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-core to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-filesystem to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-mod-devel to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-mod-http-image-filter to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-mod-http-perl to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-mod-http-xslt-filter to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-mod-mail to version 1:1.20.1-16.el9_4.6.
- Update redhat nginx-mod-stream to version 1:1.20.1-16.el9_4.6.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-all-modules |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-core |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-filesystem |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-mod-devel |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-mod-http-image-filter |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-mod-http-perl |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-mod-http-xslt-filter |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-mod-mail |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::appstream | redhat | nginx-mod-stream |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-all-modules |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-core |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-filesystem |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-mod-devel |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-mod-http-image-filter |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-mod-http-perl |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-mod-http-xslt-filter |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-mod-mail |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
| Red Hat:rhel_eus:9.4::crb | redhat | nginx-mod-stream |
< 1:1.20.1-16.el9_4.6 Fix: upgrade to 1:1.20.1-16.el9_4.6
|
Original title
Red Hat Security Advisory: nginx security update
osv CVSS3.1
8.1
- https://access.redhat.com/errata/RHSA-2026:17792 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#critical Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2477116 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_17792.... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-42945 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-42945 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-42945 Vendor Advisory
- https://depthfirst.com/nginx-rift Third Party Advisory
- https://my.f5.com/manage/s/article/K000161019 Third Party Advisory
Published: 16 May 2026 · Updated: 21 May 2026 · First seen: 21 May 2026