New HTTP/2 Denial-of-Service Flaw Impacts Widely Used Web Servers
A critical vulnerability, identified as 'HTTP/2 Bomb' (CVE-2026-49975), has been revealed, posing a denial-of-service risk to popular web server software. Implementations such as nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora are affected. This flaw could allow remote attackers to exhaust server resources, potentially causing service disruptions.
Want more?
Open NewsSnap.ai for the full app experience, including audio, personalization, and more news tools.