HTTP/2 Bomb single-connection memory-exhaustion DoS

cve · CVE-2026-49975

Coverage timeline

first 2026-06-04 → last 2026-06-04

Briefs

1 distinct

Sources cited

3 hosts

Sections touched

deep_dive

Co-occurring entities

no co-occurrence

Story timeline

2026-06-04CTI Daily Brief — 2026-06-04
deep_diveDeep dive — network-stack DoS, IIS/Envoy/Pingora unpatched

Where this entity is cited

deep_dive1

Source distribution

blog.calif.io1 (33%)
openwall.com1 (33%)
thehackernews.com1 (33%)

External references

NVD · cve.org · CISA KEV

All cited sources (3)

blog.calif.ioprimaryinlineCalif/Codex, 2026-06-02https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
source profile · cited in 2026-06-04
openwall.cominlineoss-security mailing listhttps://www.openwall.com/lists/oss-security/2026/06/03/3
cited in 2026-06-04
thehackernews.cominlineThe Hacker Newshttps://thehackernews.com/2026/06/new-http2-bomb-vulnerability-allows.html
cited in 2026-06-04

Items in briefs about HTTP/2 Bomb single-connection memory-exhaustion DoS

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.