PT-2026-38541 — Canonical Nghttp2

PT-2026-38541 · Canonical · Nghttp2

Published

2026-05-06

Updated

2026-05-06

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS.

Original advisory details:

Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

USN-8233-2

Affected Products

Nghttp2