CVE-2026-27135

🗓️ 18 Mar 2026 17:59:02Reported by GitHub_MType

nghttp2 before 1.68.1 reads data after termination calls, causing FRAME_SIZE_ERROR and assertion.

Reporter	Title	Published	Views	Family All 316
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	10 Jun 202618:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	7 May 202613:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	15 May 202613:21	–	ibm
ATTACKERKB	CVE-2026-27135	18 Mar 202617:59	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libnghttp2, libnghttp2-devel, nghttp2 (ALAS2023-2026-1542)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1647)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1648)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : nghttp2, --advisory ALAS2-2026-3232 (ALAS-2026-3232)	14 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : nodejs22 (ALSA-2026:7080)	10 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : nodejs:22 (ALSA-2026:7123)	16 Apr 202600:00	–	nessus

NVD

Vulners

Node

nghttp2 nghttp2Range<1.68.1

[
  {
    "vendor": "nghttp2",
    "product": "nghttp2",
    "versions": [
      {
        "version": "< 1.68.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1
github	www.github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6
lists	www.lists.debian.org/debian-lts-announce/2026/05/msg00025.html
openwall	www.openwall.com/lists/oss-security/2026/03/20/3

13 May 2026 22:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.0003

SSVC

CWE-617