PT-2026-26134 · Nghttp2+3

Andrewmohawk · Published 2026-01-01 · Updated 2026-05-06 · CVE-2026-27135

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

nghttp2 versions prior to 1.68.1

Description

nghttp2 is a C implementation of the Hypertext Transfer Protocol version 2. Versions of nghttp2 prior to 1.68.1 are susceptible to a denial-of-service condition. This occurs because the library does not properly validate its internal state after the nghttp2_session_terminate_session or nghttp2_session_terminate_session2 APIs are called. Consequently, the library continues to process incoming data, and a malformed frame can trigger an assertion failure, leading to a crash. The issue is triggered by receiving a frame that causes a FRAME_SIZE_ERROR.

Recommendations

Update to nghttp2 version 1.68.1 or later.

Exploit · Fix · DoS · Assertion Failure

Weakness Enumeration

Related Identifiers

ALSA-2026:7080
ALSA-2026:7123
ALSA-2026:7350
ALSA-2026:7666
ALSA-2026:7667
ALSA-2026:7668
ALSA-2026:7670
ALSA-2026:7675
ALSA-2026:7896
ALSA-2026:8339
CVE-2026-27135
ECHO-0B39-783F-9CD3
GHSA-6933-CJHR-5QG6
OESA-2026-1754
OPENSUSE-SU-2026:10437-1
OPENSUSE-SU-2026:20413-1
RHSA-2026:6190
RHSA-2026:7080
RHSA-2026:7123
RHSA-2026:7302
RHSA-2026:7310
RHSA-2026:7350
RHSA-2026:7666
RHSA-2026:7667
RHSA-2026:7668
RHSA-2026:7670
RHSA-2026:7675
RHSA-2026:7896
RHSA-2026:7983
RHSA-2026:8339
RHSA-2026:8538
RHSA-2026:8539
RHSA-2026:8540
RHSA-2026:8541
RHSA-2026:8545
RHSA-2026:8546
RHSA-2026:8547
RHSA-2026:8548
RHSA-2026:8868
RHSA-2026:9711
RHSA-2026:9874
SUSE-SU-2026:1056-1
SUSE-SU-2026:1074-1
SUSE-SU-2026:1247-1
SUSE-SU-2026:1350-1
SUSE-SU-2026:20833-1
SUSE-SU-2026:20870-1
SUSE-SU-2026:20925-1
SUSE-SU-2026:20950-1
USN-8233-1
USN-8233-2

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Nghttp2