CVE-2026-27135 | nghttp2 up to 1.68.0 HTTP/2 nghttp2_session_terminate_session assertion (GHSA-6933-cjhr-5qg6 / WID-SEC-2026-0775)

A vulnerability identified as problematic has been detected in nghttp2 up to 1.68.0. This impacts the function nghttp2_session_terminate_session of the component HTTP2 Handler. Performing a manipulation results in reachable assertion.

This vulnerability is identified as CVE-2026-27135. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More