Issued at: 2026-07-08
Updated at: 2026-07-08
Synopsis
Important: nginx security, bug fix, and enhancement update
Description
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers (CVE-2026-42055)
Bug Fix(es) and Enhancement(s):
* "HTTP/2 bomb" nginx fix breaks module ABI causing crashes [rhel-10.2.z] (JIRA:Rocky Linux-191778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.