diff --git a/backport-Fix-576-Avoid-signed-overlow-with-nonascii-character.patch b/backport-Fix-576-Avoid-signed-overlow-with-nonascii-character.patch
new file mode 100644
index 0000000000000000000000000000000000000000..464ae7aea66e6dfe0f5aaeddb72468eb34a528d2
--- /dev/null
+++ b/backport-Fix-576-Avoid-signed-overlow-with-nonascii-character.patch
@@ -0,0 +1,26 @@
+From 6c41490d78e44faf51203533f82b87390be784eb Mon Sep 17 00:00:00 2001
+From: Quanah Gibson-Mount
+Date: Tue, 5 Oct 2021 17:07:10 +0000
+Subject: [PATCH] Fix #576 - Avoid signed overlow with nonascii characters
+
+Signed-off-by: Quanah Gibson-Mount
+---
+ saslauthd/auth_httpform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/saslauthd/auth_httpform.c b/saslauthd/auth_httpform.c
+index 5f6c17c8..1d36979f 100644
+--- a/saslauthd/auth_httpform.c
++++ b/saslauthd/auth_httpform.c
+@@ -180,7 +180,7 @@ static char *url_escape(
+ return NULL;
+
+ while (inidx < length) {
+- char in = string[inidx];
++ unsigned char in = (unsigned char)string[inidx];
+ if (!(in >= 'a' && in <= 'z') &&
+ !(in >= 'A' && in <= 'Z') &&
+ !(in >= '0' && in <= '9')) {
+--
+2.43.0
+
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 31b82d9a7dddfa0c1201ce524c8493815e0aa5b6..9bf72b055dba98764578a0e0452088e4c9f27b74 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -6,7 +6,7 @@ Name: cyrus-sasl
 Version: 2.1.27
-Release: 19
+Release: 20
 Summary: The Cyrus SASL API Implementation
 License: BSD with advertising
@@ -24,6 +24,7 @@ Patch5: backport-Fix-heap-corruption.patch
 Patch6: backport-Fix-_sasl_add_string.patch
 Patch7: backport-saslauthd-check-for-malformed-HTTP-responses.patch
 Patch8: 0001-saslauthd-fix-checking-for-malformed-HTTP-responses.patch
+Patch9: backport-Fix-576-Avoid-signed-overlow-with-nonascii-character.patch
 BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
 BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
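Review bot: In the embedded `saslauthd/auth_httpform.c` hunk, the new `unsigned char in = (unsigned char)string[inidx];` has no comment explaining why the cast is needed, so a later tidy-up could quietly restore plain `char`. A one-line comment above it would pin the intent, for example `/* bytes >= 0x80 must not sign-extend before being percent-encoded */`. The code that consumes `in` is outside the hunk (url_escape starts and ends outside it), so it is worth confirming there that each escaped byte is written as exactly three characters and that the output buffer grows to match. Since saslauthd's httpform backend presumably passes client-supplied credentials through url_escape, a regression test with a non-ASCII user name or password would guard the fix.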
@@ -331,6 +332,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir} %changelog
+* Thu Dec 18 2025 yixiangzhike - 2.1.27-20
+- backport upstream patch to avoid signed overlow with nonascii character
+
 * Tue Nov 18 2025 yixiangzhike - 2.1.27-19
 - fix saslauthd coredump with httpform