logo

HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk

ID: e8d0578c-efbc-522f-b671-b54c0fd9a293

STIX ID: report--e8d0578c-efbc-522f-b671-b54c0fd9a293

Feed Name: Dark Reading

Threat Score
75/100

Date Published: 2026-06-15

Date Updated: 2026-06-17

Author: Nate Nelson

...
...

The report describes CVE-2026-49975, called "HTTP/2 Bomb," an unauthenticated HTTP/2 amplification/DoS vulnerability that chains HPACK header compression and flow-control behavior to let small requests expand into large memory/response amplification; a public PoC and attacker scanning exist, around 880,000 servers may be affected, and vendor patching has been uneven so immediate patching is strongly advised.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.