Codex Agent Uncovers Lethal HTTP/2 DoS Exploit

“A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds,” Quang Luong wrote.

How the HTTP/2 Bomb works

Calif security researchers named the exploit HTTP/2 Bomb. The attack chains two decade-old denial-of-service techniques: an HPACK compression bomb (also known as CVE-2016-6581) and a Slowloris-style hold (linked to CVE-2016-8740 and CVE-2016-1546). In practice the attacker sends thousands of tiny, compressed HTTP/2 header fragments that force the server to allocate large amounts of memory (the HPACK component), then holds legitimate connections open as long as possible (the Slowloris component). Combined, the two tactics exhaust server memory and take the service offline.

Luong and the team reported dramatic resource effects: “Against Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in roughly 20 seconds.” They also warned that “upwards of 880,000 websites supporting HTTP/2 and running one of the vulnerable web servers may be affected.”

Affected servers and the patch record: nginx, Apache, Microsoft IIS, Envoy, Cloudflare Pingora

The Calif team tested default HTTP/2 configurations of nginx, Apache HTTP Server (httpd), Microsoft IIS, Envoy, and Cloudflare Pingora. The disclosure timeline shows mixed responses.

  • nginx: Calif disclosed the issue to nginx in April; nginx maintainers released a fix the next day in version 1.29.8, importing the max_headers directive from freenginx.
  • Apache httpd: Apache issued a fix (mod_http2 v2.0.41) the same day Calif submitted its report and assigned the issue CVE-2026-49975.
  • Envoy: Calif pointed to Envoy patches “that appear to mitigate this attack,” and noted its researchers are still validating the fix.
  • Microsoft IIS and Cloudflare Pingora: as of Thursday the researchers reported no patch for IIS and Pingora. Cloudflare disputes that characterization; a Cloudflare spokesperson told The Register, “Cloudflare's existing architecture and DDoS mitigations automatically detect and protect against this attack, making customers resilient to this vulnerability. No patch is needed.” A Microsoft spokesperson told The Register, “We are aware and actively investigating appropriate mitigations to help keep customers protected.”

AI agent Codex and the discovery

The Calif write-up attributes the discovery to a coding agent: OpenAI's Codex. The researchers say Codex read public codebases, recognized that the two older DoS techniques “compose,” and built the combined attack. Luong emphasized that “Both halves have been public for a decade.”

The Calif threat hunting team also highlighted how public fixes can reveal vectors: “The fix commits above are public and disclose the vectors directly; any capable AI model can turn those diffs into a working exploit, which is exactly how we found that Microsoft IIS, Envoy, and Pingora are also vulnerable,” the team wrote.

What this means for Microsoft IIS, Cloudflare Pingora, and Envoy

  • Microsoft IIS: Microsoft has said it is “aware and actively investigating appropriate mitigations.” Calif recommends disabling HTTP/2 where possible or enforcing a cap on the number of HTTP headers a client can send in a single request as interim mitigations.
  • Cloudflare Pingora: Cloudflare disputes Calif's finding and says existing architecture and DDoS mitigations protect customers and that “No patch is needed.” Calif nonetheless recommends disabling HTTP/2 or capping headers for Pingora when possible.
  • Envoy: Maintainers have published patches that “appear to mitigate this attack,” but Calif researchers are still validating those fixes to ensure they fully address the chained exploit.
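The article describes the attack as a flood of tiny header fragments (the HPACK half) on connections held open as long as possible (the Slowloris half), and lists capping headers as the interim mitigation. The guard below is an added illustration of what such a cap looks like at the frame layer; it is my own example, not code from Calif, nginx, Apache or any other server mentioned, and the limits and sample frames are constructed for the demonstration. It counts HEADERS/CONTINUATION fragments and accumulated bytes per header block and rejects a block that stalls, which is the point at which a server would close the connection.

```python
import struct
import time

TYPE_HEADERS, TYPE_CONTINUATION, FLAG_END_HEADERS = 0x1, 0x9, 0x4

# Constructed policy limits for this example, not values from the article or any server's defaults.
MAX_FRAGMENTS_PER_BLOCK = 64      # HEADERS + CONTINUATION frames allowed per header block
MAX_BLOCK_BYTES = 16 * 1024       # accumulated compressed header-block bytes allowed
MAX_BLOCK_OPEN_SECONDS = 5.0      # a header block must be completed within this window


def build_frame(ftype, flags, stream_id, payload):
    """Encode one HTTP/2 frame (RFC 9113 section 4.1 layout) for constructed test traffic."""
    return len(payload).to_bytes(3, "big") + bytes([ftype, flags]) + struct.pack(">I", stream_id) + payload


class HeaderBlockGuard:
    """Per-connection state for one in-progress header block; rejects fragment floods and stalls.

    On any 'reject:*' result the caller is expected to close the connection.
    """

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable for testing the stall timeout
        self._reset()

    def _reset(self):
        self.stream_id, self.fragments, self.block_bytes, self.started_at = None, 0, 0, None

    def feed(self, frame):
        """Return 'ok', 'complete', or 'reject:<reason>' for one raw frame."""
        if len(frame) < 9:
            return "reject:short-frame"
        length = int.from_bytes(frame[0:3], "big")
        ftype, flags = frame[3], frame[4]
        stream_id = struct.unpack(">I", frame[5:9])[0] & 0x7FFFFFFF
        if ftype == TYPE_HEADERS:
            if self.stream_id is not None:
                return "reject:headers-while-block-open"
            self.stream_id, self.started_at = stream_id, self.clock()
        elif ftype == TYPE_CONTINUATION:
            if self.stream_id != stream_id:
                return "reject:continuation-wrong-stream"
        else:
            # Any other frame while a header block is open is a connection error (RFC 9113 section 6.10).
            return "reject:interleaved-frame" if self.stream_id is not None else "ok"
        self.fragments += 1
        self.block_bytes += length
        if self.fragments > MAX_FRAGMENTS_PER_BLOCK:
            return "reject:too-many-fragments"
        if self.block_bytes > MAX_BLOCK_BYTES:
            return "reject:header-block-too-large"
        if self.clock() - self.started_at > MAX_BLOCK_OPEN_SECONDS:
            return "reject:header-block-stalled"
        if flags & FLAG_END_HEADERS:
            self._reset()
            return "complete"
        return "ok"
```

The byte cap bounds only the compressed input; a full defence also needs a bound on the decoded header list size, since HPACK's amplification is what makes the memory cost disproportionate to the bytes sent.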

Proof-of-concept, disclosure timeline, and where the technical details go next

There are proof-of-concept exploit scripts available on GitHub; the Calif team relayed an explicit warning from an AI red teaming security shop: “Please don't point these at infrastructure you don't own.” Calif disclosed the vulnerability to nginx in April and coordinated public fixes for nginx and Apache rapidly; the team notified Microsoft, Envoy, and Cloudflare of their findings as well.

Calif researcher Quang Luong will present the full technical details of the HTTP/2 Bomb at the Real World AI Security conference later this month. The team’s public notes and the immediate appearance of proof-of-concept code underline their point that public fix commits can be consumed by capable AI models and turned into working exploits.

What remains concrete: a chained, agent-assisted combination of old DoS techniques can crash default HTTP/2 deployments in seconds on several major servers; fixes and mitigations exist for some implementations, remain provisional for others, and are disputed by at least one vendor. The technical community will now watch whether rolling patches, configuration changes such as disabling HTTP/2 or capping header counts, and the validation of Envoy’s mitigations close the window Calif’s discovery exposed — and how rapidly operators apply them.

Original story at The Register