Bug 2448754 (CVE-2026-27135) - CVE-2026-27135 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
Keywords:
Status: NEW
Alias: CVE-2026-27135
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-03-18 19:03 UTC by OSIDB Bzimport
Modified: 2026-05-05 17:49 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:7698 0 None None None 2026-04-13 06:34:06 UTC
Red Hat Product Errata RHBA-2026:7705 0 None None None 2026-04-13 07:23:54 UTC
Red Hat Product Errata RHBA-2026:7706 0 None None None 2026-04-13 07:32:37 UTC
Red Hat Product Errata RHBA-2026:7707 0 None None None 2026-04-13 07:31:16 UTC
Red Hat Product Errata RHBA-2026:7855 0 None None None 2026-04-13 12:26:42 UTC
Red Hat Product Errata RHBA-2026:7856 0 None None None 2026-04-13 12:49:05 UTC
Red Hat Product Errata RHBA-2026:8054 0 None None None 2026-04-14 12:52:21 UTC
Red Hat Product Errata RHBA-2026:8055 0 None None None 2026-04-14 14:06:14 UTC
Red Hat Product Errata RHBA-2026:8065 0 None None None 2026-04-14 14:00:34 UTC
Red Hat Product Errata RHBA-2026:8118 0 None None None 2026-04-14 14:29:22 UTC
Red Hat Product Errata RHBA-2026:8120 0 None None None 2026-04-14 14:29:49 UTC
Red Hat Product Errata RHBA-2026:8199 0 None None None 2026-04-14 21:16:05 UTC
Red Hat Product Errata RHBA-2026:8271 0 None None None 2026-04-15 11:05:03 UTC
Red Hat Product Errata RHBA-2026:8280 0 None None None 2026-04-15 09:30:41 UTC
Red Hat Product Errata RHBA-2026:8293 0 None None None 2026-04-15 10:53:51 UTC
Red Hat Product Errata RHBA-2026:8299 0 None None None 2026-04-15 12:35:01 UTC
Red Hat Product Errata RHBA-2026:8320 0 None None None 2026-04-15 16:28:15 UTC
Red Hat Product Errata RHBA-2026:8353 0 None None None 2026-04-15 22:24:02 UTC
Red Hat Product Errata RHSA-2026:13812 0 None None None 2026-05-05 17:49:49 UTC
Red Hat Product Errata RHSA-2026:7080 0 None None None 2026-04-08 13:54:44 UTC
Red Hat Product Errata RHSA-2026:7123 0 None None None 2026-04-08 18:05:01 UTC
Red Hat Product Errata RHSA-2026:7302 0 None None None 2026-04-09 12:47:13 UTC
Red Hat Product Errata RHSA-2026:7310 0 None None None 2026-04-09 13:20:06 UTC
Red Hat Product Errata RHSA-2026:7350 0 None None None 2026-04-09 20:20:44 UTC
Red Hat Product Errata RHSA-2026:7666 0 None None None 2026-04-13 01:31:40 UTC
Red Hat Product Errata RHSA-2026:7667 0 None None None 2026-04-13 02:09:02 UTC
Red Hat Product Errata RHSA-2026:7668 0 None None None 2026-04-13 02:24:25 UTC
Red Hat Product Errata RHSA-2026:7670 0 None None None 2026-04-13 02:47:40 UTC
Red Hat Product Errata RHSA-2026:7675 0 None None None 2026-04-13 02:23:14 UTC
Red Hat Product Errata RHSA-2026:7896 0 None None None 2026-04-13 18:29:22 UTC
Red Hat Product Errata RHSA-2026:7983 0 None None None 2026-04-14 06:52:14 UTC
Red Hat Product Errata RHSA-2026:8339 0 None None None 2026-04-15 19:04:45 UTC
Red Hat Product Errata RHSA-2026:8538 0 None None None 2026-04-16 18:42:56 UTC
Red Hat Product Errata RHSA-2026:8539 0 None None None 2026-04-16 18:40:33 UTC
Red Hat Product Errata RHSA-2026:8540 0 None None None 2026-04-16 18:43:34 UTC
Red Hat Product Errata RHSA-2026:8541 0 None None None 2026-04-16 18:38:29 UTC
Red Hat Product Errata RHSA-2026:8545 0 None None None 2026-04-16 19:37:49 UTC
Red Hat Product Errata RHSA-2026:8546 0 None None None 2026-04-16 19:25:33 UTC
Red Hat Product Errata RHSA-2026:8547 0 None None None 2026-04-16 19:43:15 UTC
Red Hat Product Errata RHSA-2026:8548 0 None None None 2026-04-16 19:43:54 UTC
Red Hat Product Errata RHSA-2026:8868 0 None None None 2026-04-20 02:47:08 UTC
Red Hat Product Errata RHSA-2026:9711 0 None None None 2026-04-22 13:57:36 UTC
Red Hat Product Errata RHSA-2026:9874 0 None None None 2026-04-22 21:44:48 UTC

Description OSIDB Bzimport 2026-03-18 19:03:26 UTC
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when the user-facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects a situation that is subject to a connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes an assertion failure. nghttp2 v1.68.1 adds the missing state validation to avoid the assertion failure. No known workarounds are available.
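
The state check described above, as a simplified C model; it is an added example, not nghttp2 source and not part of the bug report. `toy_session`, `toy_terminate`, `toy_recv` and `run_sample` are hypothetical names, the input bytes are constructed, and what the library's assertion actually checks is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
enum { FRAME_HDR_LEN = 9, TYPE_SETTINGS = 0x4 };

/* Toy session holding only the state the report talks about. */
typedef struct {
    int terminated;     /* set once a connection error ends the session */
    int invariant_hits; /* error path entered on an already terminated session */
} toy_session;

/* Hypothetical error path; assumption: the real assertion fires where this counts. */
static void toy_terminate(toy_session *s) {
    if (s->terminated) { s->invariant_hits++; return; }
    s->terminated = 1;
}

/* Parse whole frames from buf; returns bytes parsed. validate_state=0 models
 * reading on after termination, validate_state=1 models the added check. */
static size_t toy_recv(toy_session *s, const uint8_t *buf, size_t len, int validate_state) {
    size_t off = 0;
    while (len - off >= FRAME_HDR_LEN) {
        if (validate_state && s->terminated)
            break; /* session is terminating: ignore the remaining input */
        uint32_t plen = ((uint32_t)buf[off] << 16) | ((uint32_t)buf[off + 1] << 8) | buf[off + 2];
        if (len - off - FRAME_HDR_LEN < plen) break; /* incomplete frame */
        /* RFC 9113: a SETTINGS length not divisible by 6 is a FRAME_SIZE_ERROR */
        if (buf[off + 3] == TYPE_SETTINGS && plen % 6 != 0)
            toy_terminate(s);
        off += FRAME_HDR_LEN + plen;
    }
    return off;
}

/* Constructed input: two SETTINGS frames, each with an invalid 5-byte payload. */
static const uint8_t SAMPLE[] = {
    0, 0, 5, TYPE_SETTINGS, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5,
    0, 0, 5, TYPE_SETTINGS, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5,
};

static int run_sample(int validate_state, size_t *parsed) {
    toy_session s = {0, 0};
    *parsed = toy_recv(&s, SAMPLE, sizeof SAMPLE, validate_state);
    return s.invariant_hits;
}

int main(void) {
    size_t n;
    printf("no state check: hits=%d\n", run_sample(0, &n));
    printf("state check:    hits=%d\n", run_sample(1, &n));
}
```

Without the check the second malformed frame re-enters the error path on a session that is already terminating; with it, parsing stops after the first frame.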

Comment 3 errata-xmlrpc 2026-04-08 13:54:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7080 https://access.redhat.com/errata/RHSA-2026:7080

Comment 4 errata-xmlrpc 2026-04-08 18:05:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7123 https://access.redhat.com/errata/RHSA-2026:7123

Comment 5 errata-xmlrpc 2026-04-09 12:47:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7302 https://access.redhat.com/errata/RHSA-2026:7302

Comment 6 errata-xmlrpc 2026-04-09 13:20:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:7310 https://access.redhat.com/errata/RHSA-2026:7310

Comment 7 errata-xmlrpc 2026-04-09 20:20:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7350 https://access.redhat.com/errata/RHSA-2026:7350

Comment 9 errata-xmlrpc 2026-04-13 01:31:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7666 https://access.redhat.com/errata/RHSA-2026:7666

Comment 10 errata-xmlrpc 2026-04-13 02:09:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7667 https://access.redhat.com/errata/RHSA-2026:7667

Comment 11 errata-xmlrpc 2026-04-13 02:23:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7675 https://access.redhat.com/errata/RHSA-2026:7675

Comment 12 errata-xmlrpc 2026-04-13 02:24:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7668 https://access.redhat.com/errata/RHSA-2026:7668

Comment 13 errata-xmlrpc 2026-04-13 02:47:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7670 https://access.redhat.com/errata/RHSA-2026:7670

Comment 15 errata-xmlrpc 2026-04-13 18:29:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7896 https://access.redhat.com/errata/RHSA-2026:7896

Comment 16 errata-xmlrpc 2026-04-14 06:52:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:7983 https://access.redhat.com/errata/RHSA-2026:7983

Comment 17 errata-xmlrpc 2026-04-15 19:04:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:8339 https://access.redhat.com/errata/RHSA-2026:8339

Comment 18 errata-xmlrpc 2026-04-16 18:38:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:8541 https://access.redhat.com/errata/RHSA-2026:8541

Comment 19 errata-xmlrpc 2026-04-16 18:40:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:8539 https://access.redhat.com/errata/RHSA-2026:8539

Comment 20 errata-xmlrpc 2026-04-16 18:42:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:8538 https://access.redhat.com/errata/RHSA-2026:8538

Comment 21 errata-xmlrpc 2026-04-16 18:43:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:8540 https://access.redhat.com/errata/RHSA-2026:8540

Comment 22 errata-xmlrpc 2026-04-16 19:25:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:8546 https://access.redhat.com/errata/RHSA-2026:8546

Comment 23 errata-xmlrpc 2026-04-16 19:37:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:8545 https://access.redhat.com/errata/RHSA-2026:8545

Comment 24 errata-xmlrpc 2026-04-16 19:43:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:8547 https://access.redhat.com/errata/RHSA-2026:8547

Comment 25 errata-xmlrpc 2026-04-16 19:43:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:8548 https://access.redhat.com/errata/RHSA-2026:8548

Comment 26 errata-xmlrpc 2026-04-20 02:47:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:8868 https://access.redhat.com/errata/RHSA-2026:8868

Comment 27 errata-xmlrpc 2026-04-22 13:57:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:9711 https://access.redhat.com/errata/RHSA-2026:9711

Comment 29 errata-xmlrpc 2026-04-22 21:44:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:9874 https://access.redhat.com/errata/RHSA-2026:9874

Comment 32 errata-xmlrpc 2026-05-05 17:49:47 UTC
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812

