Intel

AIKIDO-2026-10423

nghttp2.nghttp2 is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)CVE-2026-27135 Published Mar 30, 2026

75

High Risk

This Affects:

C++nghttp2.nghttp2
0.0.1 - 1.68.0
Fixed in 1.68.1
Are you affected? Scan for Free

TL;DR

Affected versions of this package may fail with an assertion and crash when processing HTTP/2 traffic if session termination is triggered but the library continues reading subsequent malformed frames due to missing internal state validation. An attacker able to send specially crafted frames could exploit this by first inducing a connection-termination path through enabled extension handling such as ALTSVC, PRIORITY_UPDATE, or user-defined extension frames, then immediately sending a malformed frame that triggers FRAME_SIZE_ERROR, resulting in a denial of service through process termination.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

nghttp2.nghttp2 is vulnerable to Denial of Service (DoS) in versions 0.0.1 - 1.68.0.

How to fix this

Upgrade the nghttp2.nghttp2 library to the patch version.

Links

Other

openwall.com/lists/oss-security/2026/03/20/3
http://www.openwall.com/lists/oss-security/2026/03/20/3
lists.debian.org/debian-lts-announce/2026/05/msg00025.html
https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html
access.redhat.com/errata/RHSA-2026:10065
https://access.redhat.com/errata/RHSA-2026:10065
access.redhat.com/errata/RHSA-2026:11768
https://access.redhat.com/errata/RHSA-2026:11768
access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:13812
access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:14773
access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:14937
access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:15087
access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16008
access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16009
access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16030
access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16174
access.redhat.com/errata/RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:17596
access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:19724
access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19725
access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:20040
access.redhat.com/errata/RHSA-2026:20087
https://access.redhat.com/errata/RHSA-2026:20087
access.redhat.com/errata/RHSA-2026:21656
https://access.redhat.com/errata/RHSA-2026:21656
access.redhat.com/errata/RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:21690
access.redhat.com/errata/RHSA-2026:21695
https://access.redhat.com/errata/RHSA-2026:21695
access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25096
access.redhat.com/errata/RHSA-2026:27200
https://access.redhat.com/errata/RHSA-2026:27200
access.redhat.com/errata/RHSA-2026:27201
https://access.redhat.com/errata/RHSA-2026:27201
access.redhat.com/errata/RHSA-2026:6190
https://access.redhat.com/errata/RHSA-2026:6190
access.redhat.com/errata/RHSA-2026:7080
https://access.redhat.com/errata/RHSA-2026:7080
access.redhat.com/errata/RHSA-2026:7123
https://access.redhat.com/errata/RHSA-2026:7123
access.redhat.com/errata/RHSA-2026:7302
https://access.redhat.com/errata/RHSA-2026:7302
access.redhat.com/errata/RHSA-2026:7310
https://access.redhat.com/errata/RHSA-2026:7310
access.redhat.com/errata/RHSA-2026:7350
https://access.redhat.com/errata/RHSA-2026:7350
access.redhat.com/errata/RHSA-2026:7666
https://access.redhat.com/errata/RHSA-2026:7666
access.redhat.com/errata/RHSA-2026:7667
https://access.redhat.com/errata/RHSA-2026:7667
access.redhat.com/errata/RHSA-2026:7668
https://access.redhat.com/errata/RHSA-2026:7668
access.redhat.com/errata/RHSA-2026:7670
https://access.redhat.com/errata/RHSA-2026:7670
access.redhat.com/errata/RHSA-2026:7675
https://access.redhat.com/errata/RHSA-2026:7675
access.redhat.com/errata/RHSA-2026:7896
https://access.redhat.com/errata/RHSA-2026:7896
access.redhat.com/errata/RHSA-2026:7983
https://access.redhat.com/errata/RHSA-2026:7983
access.redhat.com/errata/RHSA-2026:8339
https://access.redhat.com/errata/RHSA-2026:8339
access.redhat.com/errata/RHSA-2026:8538
https://access.redhat.com/errata/RHSA-2026:8538
access.redhat.com/errata/RHSA-2026:8539
https://access.redhat.com/errata/RHSA-2026:8539
access.redhat.com/errata/RHSA-2026:8540
https://access.redhat.com/errata/RHSA-2026:8540
access.redhat.com/errata/RHSA-2026:8541
https://access.redhat.com/errata/RHSA-2026:8541
access.redhat.com/errata/RHSA-2026:8545
https://access.redhat.com/errata/RHSA-2026:8545
access.redhat.com/errata/RHSA-2026:8546
https://access.redhat.com/errata/RHSA-2026:8546
access.redhat.com/errata/RHSA-2026:8547
https://access.redhat.com/errata/RHSA-2026:8547
access.redhat.com/errata/RHSA-2026:8548
https://access.redhat.com/errata/RHSA-2026:8548
access.redhat.com/errata/RHSA-2026:8868
https://access.redhat.com/errata/RHSA-2026:8868
access.redhat.com/errata/RHSA-2026:9711
https://access.redhat.com/errata/RHSA-2026:9711
access.redhat.com/errata/RHSA-2026:9832
https://access.redhat.com/errata/RHSA-2026:9832
access.redhat.com/errata/RHSA-2026:9874
https://access.redhat.com/errata/RHSA-2026:9874
access.redhat.com/security/cve/CVE-2026-27135
https://access.redhat.com/security/cve/CVE-2026-27135
bugzilla.redhat.com/show_bug.cgi?id=2448754
https://bugzilla.redhat.com/show_bug.cgi?id=2448754
security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json