A newly disclosed remote denial-of-service exploit dubbed “HTTP/2 Bomb” targets the default HTTP/2 configurations of the world’s most widely deployed web servers, nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, enabling a single attacker on a home internet connection to exhaust tens of gigabytes of server memory in seconds.
More Information:
https://cybersecuritynews.com/http-2-bo ... s-exploit/
https://thehackernews.com/2026/06/new-h ... llows.html
HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
-
Starburst-David
- Posts: 53
- Joined: Wed Feb 11, 2026 8:31 pm