{"schema_version":"1.6.0","id":"ROOT-OS-DEBIAN-13-CVE-2026-27135","modified":"2026-03-31T12:10:47Z","published":"2026-03-31T12:10:47Z","upstream":["CVE-2026-27135"],"summary":"CVE-2026-27135 in rootio-nghttp2 - Patched by Root","details":"Root has patched CVE-2026-27135 in the rootio-nghttp2 package for Root:Debian:13. Multiple fixed versions available.","affected":[{"package":{"name":"rootio-nghttp2","ecosystem":"Root:Debian:13"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.64.0-1.1.root.io.1"}]}],"database_specific":{"all_fixed_versions":["1.64.0-1.1.root.io.1"],"root_patch_version":"root.io.1","root_patched":true,"total_fixed_versions":1,"upstream_version":"1.64.0-1.1"}}],"database_specific":{"distro":"debian","distro_version":"13","severity":"HIGH","source":"Root"}}