diff --git a/mod_http2-2.0.26-CVE-2024-36387.patch b/mod_http2-2.0.26-CVE-2024-36387.patch
new file mode 100644
index 0000000..b7c53c0
--- /dev/null
+++ b/mod_http2-2.0.26-CVE-2024-36387.patch
@@ -0,0 +1,17 @@
+--- a/mod_http2/h2_c2.c	2024/06/24 17:34:59	1918556
++++ b/mod_http2/h2_c2.c	2024/06/24 17:51:42	1918557
+@@ -370,6 +370,13 @@
+     h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
+     apr_status_t rv;
+ 
++   if (bb == NULL) {
++#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
++        f->c->data_in_output_filters = 0;
++#endif
++        return APR_SUCCESS;
++    }
++
+     ap_assert(conn_ctx);
+ #if AP_HAS_RESPONSE_BUCKETS
+     if (!conn_ctx->has_final_response) {
+
diff --git a/mod_http2.spec b/mod_http2.spec
index 113fbc6..31b33d3 100644
--- a/mod_http2.spec
+++ b/mod_http2.spec
@@ -3,7 +3,7 @@
 
 Name:		mod_http2
 Version:	2.0.26
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	module implementing HTTP/2 for Apache 2
 License:	ASL 2.0
 URL:		https://icing.github.io/mod_h2/
@@ -14,6 +14,8 @@ Source0:	https://github.com/icing/mod_h2/releases/download/v%{version}/mod_http2
 #
 # https://bugzilla.redhat.com/show_bug.cgi?id=2268277
 Patch100:      mod_http2-2.0.26-CVE-2024-27316.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2295006
+Patch101:      mod_http2-2.0.26-CVE-2024-36387.patch
 
 BuildRequires: make
 BuildRequires:  gcc
@@ -53,6 +55,10 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{
 %{_httpd_moddir}/mod_proxy_http2.so
 
 %changelog
+* Tue Jul 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-3
+- Resolves: RHEL-45806 - mod_http2: DoS by null pointer in websocket
+  over HTTP/2 (CVE-2024-36387)
+
 * Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-2
 - Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames
   DoS (CVE-2024-27316)