OpenAI Codex Uncovers HTTP/2 Bomb DoS Exploit Affecting nginx, Apache, and Microsoft IIS
- AI-Discovered Exploit: OpenAI's Codex agent helped uncover the HTTP/2 Bomb, a remote denial-of-service exploit targeting default HTTP/2 server configurations.
- Massive Attack Surface: More than 880,000 websites supporting HTTP/2 and running vulnerable web servers may be affected.
- Partial Patching Status: Nginx and Apache HTTP Server have issued fixes, while Microsoft IIS and Cloudflare Pingora have not released patches as of Thursday.
OpenAI's Codex agent helped uncover a remote denial-of-service (DoS) exploit that can crash vulnerable web servers in seconds from a single machine, according to Calif researchers. The exploit, named HTTP/2 Bomb, targets default HTTP/2 configurations of nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora.
How the HTTP/2 Bomb Works
Calif researcher Quang Luong discovered the attack by having OpenAI's Codex chain two DoS techniques that have been publicly known for more than a decade: the HPACK compression bomb and a Slowloris-style hold. Combined, the two techniques exhaust a server's memory and force it offline.
Luong detailed the attack chain and noted that more than 880,000 websites that support HTTP/2 and run one of the affected servers may be at risk.
Against Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in roughly 20 seconds. A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds.
"HPACK Bomb" was assigned CVE-2016-6581 in 2016, and the CVE-2025-53020 Apache HTTP Server flaw was tracked in 2025. HTTP/2 Slowloris-type exhaustion without the compression amplifier is also not new: CVE-2016-8740 for unbounded CONTINUATION frames and CVE-2016-1546 for worker-thread starvation, both in Apache httpd, were tracked in 2016.
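The two techniques chained above are bounded by two server-side controls: a cap on decoded (post-HPACK) header bytes, which removes the amplifier, and a deadline on header blocks that never finish, which removes the hold. The model below is an added illustration of those controls, not code from nginx, Apache, Envoy, or Calif; the limit values and the scenario are assumptions.

```python
from dataclasses import dataclass, field
# Assumed limits (illustrative; not the defaults of any named server).
MAX_DECODED_PER_STREAM = 16 * 1024  # decoded (post-HPACK) header bytes one stream may produce
MAX_HELD_PER_CONN = 64 * 1024       # decoded header bytes one connection may hold at once
HEADER_DEADLINE_S = 10.0            # seconds a stream may sit with its header block unfinished
@dataclass
class Stream:
    opened_at: float
    decoded_bytes: int = 0
    complete: bool = False

@dataclass
class ConnectionGuard:
    # Tracks one HTTP/2 connection; methods return a reason string when it should be closed.
    streams: dict = field(default_factory=dict)
    held_bytes: int = 0

    def on_header_block(self, stream_id, decoded_len, now, end_headers):
        # Called after HPACK decoding: counting decoded rather than wire bytes is what
        # defeats the compression amplifier, whatever the compressed size was.
        s = self.streams.setdefault(stream_id, Stream(opened_at=now))
        s.decoded_bytes += decoded_len
        self.held_bytes += decoded_len
        if s.decoded_bytes > MAX_DECODED_PER_STREAM:
            return "stream decoded header size exceeded"
        if self.held_bytes > MAX_HELD_PER_CONN:
            return "connection header memory exceeded"
        s.complete = end_headers
        return None

    def sweep(self, now):
        # Timer tick: streams whose header block never finished are the slow hold;
        # drop them and release their memory. Returns the stream ids dropped.
        stale = [sid for sid, s in self.streams.items()
                 if not s.complete and now - s.opened_at > HEADER_DEADLINE_S]
        for sid in stale:
            self.held_bytes -= self.streams.pop(sid).decoded_bytes
        return stale
def hold_scenario(streams, decoded_per_stream):
    # Constructed scenario: each stream delivers decoded_per_stream decoded bytes and never
    # sends END_HEADERS. Returns (reject_reason, held_before_sweep, held_after_sweep).
    g, reason = ConnectionGuard(), None
    for sid in range(1, 2 * streams, 2):  # client-initiated streams are odd-numbered
        reason = g.on_header_block(sid, decoded_per_stream, 0.0, False)
        if reason:
            break
    before = g.held_bytes
    g.sweep(HEADER_DEADLINE_S + 1)
    return reason, before, g.held_bytes
```

Without the per-connection cap the held bytes grow with every stream until the sweep fires; without the sweep they are never released, which is the combination the article describes.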
Patch Status Across Affected Servers
Researchers Jun Rong and Duc Phan confirmed the attack on other web servers. Nginx addressed the issue in version 1.29.8. Apache issued a fix in mod_http2 v2.0.41 and assigned the vulnerability CVE-2026-49975. Calif later pointed to Envoy patches that appear to mitigate the attack, with validation still ongoing.
As of Thursday, Microsoft IIS had not issued a patch. Microsoft told The Register it was aware and actively investigating mitigations. Cloudflare stated that its existing architecture and DDoS mitigations automatically detect and protect against the attack, and that no patch is needed for Cloudflare Pingora customers.
Luong is scheduled to present full technical details at the Real World AI Security conference.
Last week, FortiClient EMS was exploited via CVE-2026-35616 to deploy EKZ Infostealer. In December 2025, the Triofox unauthenticated access flaw was chained with the AV scanning feature abuse to deploy remote access tools.