SUSE Linux Updates Address Critical DoS Vulnerability in nghttp2

Severity: High (Score: 70.5)

Sources: Linuxsecurity

Summary

SUSE has released updates for the nghttp2 library to address a critical denial-of-service (DoS) vulnerability identified as CVE-2026-27135. This vulnerability arises from an assertion failure due to missing state validation, potentially allowing attackers to disrupt services. Affected systems include SUSE Linux Enterprise Desktop 15 SP7, SUSE Linux Enterprise Server 15 SP7, and SUSE Linux Micro 6.2. The vulnerability was published on March 18, 2026, and has been assigned a CVSS score of 8.2, indicating a high severity level. Users are advised to apply the patches using SUSE's recommended installation methods. The updates are available for multiple architectures, including aarch64, ppc64le, s390x, and x86_64. There are no reports of active exploitation at this time, but the potential for service disruption remains a concern.

Key Points

  • CVE-2026-27135 is a critical DoS vulnerability in the nghttp2 library.
  • Affected products include SUSE Linux Enterprise Desktop and Server 15 SP7, and SUSE Linux Micro 6.2.
  • Users are urged to apply patches immediately to mitigate potential service disruptions.

Key Entities

  • DDoS (attack_type)
  • Denial of Service (attack_type)
  • CVE-2026-27135 (cve)
  • Nghttp2 (platform)
  • SUSE Linux Enterprise Desktop 15 SP7 (platform)
  • SUSE Linux Enterprise Real Time 15 SP7 (platform)
  • SUSE Linux Enterprise Server 15 SP7 (platform)
  • SUSE Linux Enterprise Server For SAP Applications 15 SP7 (platform)