High Threat Security Alert (A26-06-05): Vulnerability in HTTP/2 protocol


 

Published on: 04 June 2026

Description:

A denial-of-service (DoS) vulnerability (CVE-2026-49975) was found in HTTP/2 protocol. An attacker could exploit the vulnerability by sending specially crafted requests to an affected system.

Reports indicated that proof-of-concept (PoC) exploit code for a denial-of-service vulnerability (CVE-2026-49975, known as HTTP/2 Bomb) in HTTP/2 protocol is publicly available and it is at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems or follow the recommendations provided by the product vendors to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Systems with HTTP/2 protocol enabled

 

Impact:

Successful exploitation of the vulnerability could lead to denial of service on an affected system.

 

Recommendation:

System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6581
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-49975
  • https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
  • https://github.com/califio/publications/tree/main/MADBugs/http2-bomb


Tag: HTTP/2
Tags