
OpenAI's Codex AI Discovers "HTTP/2 Bomb" That Can Crash Major Web Servers in Seconds

Codex AI found a new HTTP/2 DoS attack hitting nginx, Apache, IIS, Envoy & Pingora — crashing servers in seconds.

HTTP/2 bomb denial-of-service vulnerability

An AI model just found a decade-old attack that human security researchers somehow missed — and it works against almost every major web server on the internet.

OpenAI's Codex AI has discovered a remote denial-of-service exploit that researchers are calling the HTTP/2 Bomb. The attack silently drains a server's memory to the point of collapse, and the most alarming part: one home computer on a standard broadband connection can render a vulnerable server inaccessible in under 20 seconds.

The exploit targets nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora — in their default configurations — and a Shodan scan puts the number of exposed internet-facing servers at over 880,000.

What Codex Actually Did

The attack chains two HTTP/2 features that security researchers had separately flagged as dangerous back in 2016, but never combined into a working exploit against modern servers. Codex read the codebases, recognized that the two techniques compose into something far more destructive, and built it.

The first piece is an HPACK indexed-reference bomb. HPACK is HTTP/2's header compression system: an attacker seeds it with one header entry, then fires thousands of 1-byte references to it. Each byte on the wire forces the server to allocate a full copy of the header in memory, up to 4,000 bytes per reference against Apache and Envoy.

The second piece is an HTTP/2 window stall: the attacker advertises a zero-byte flow-control window, which prevents the server from ever finishing its response — and therefore never freeing any of that allocated memory. Occasional 1-byte keep-alive frames reset the server's timeout indefinitely, pinning every byte in RAM for as long as the attack runs.

Against Apache httpd and Envoy, a single client can consume and hold 32 GB of server memory in roughly 18–20 seconds.

Patches and Mitigations

nginx patched the issue in version 1.29.8 by introducing a max_headers directive (default: 1000). Apache httpd's fix landed in mod_http2 v2.0.41, tracked as CVE-2026-49975. Microsoft IIS, Envoy, and Cloudflare Pingora have been notified but have no patches available yet.

If you can't update immediately, the safest fallback across all affected servers is to disable HTTP/2 entirely (http2 off for nginx; Protocols http/1.1 for Apache). For unpatched deployments of IIS, Envoy, or Pingora, placing the server behind a reverse proxy that enforces a hard cap on per-request header count offers partial protection.
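As an added illustration of the header-count cap described above and of why the indexed-reference bomb works (this is example code, not code from the researchers or from any of the affected projects), a minimal HPACK decoder in Python that accounts for the decoded size of every field, including 1-byte indexed references, and refuses the block before buffering it. The three-entry static table subset and the 8192-byte / 100-field limits are assumptions for the example.

```python
# Minimal HPACK (RFC 7541) decoder that caps the *decoded* header list, counted the
# way SETTINGS_MAX_HEADER_LIST_SIZE does (name + value + 32 per field), so a 1-byte
# indexed reference can never expand into unbounded server memory. Assumptions: no
# Huffman-coded strings; only a hypothetical 3-entry subset of the static table.

class HeaderBlockTooLarge(ValueError): pass
STATIC = {2: (b":method", b"GET"), 4: (b":path", b"/"), 38: (b"host", b"")}

def _int(buf, pos, prefix_bits):
    """Decode an integer with an N-bit prefix (RFC 7541 section 5.1)."""
    mask = (1 << prefix_bits) - 1
    value, pos, shift = buf[pos] & mask, pos + 1, 0
    if value < mask:
        return value, pos
    while True:
        b, pos = buf[pos], pos + 1
        value += (b & 0x7F) << shift
        shift += 7
        if not (b & 0x80):
            return value, pos

def _string(buf, pos):
    if buf[pos] & 0x80:                              # RFC 7541 section 5.2 H bit
        raise ValueError("Huffman-coded strings are out of scope for this example")
    length, pos = _int(buf, pos, 7)
    return bytes(buf[pos:pos + length]), pos + length

def decode(block, max_header_list_size=8192, max_headers=100):
    """Return the header list, or raise before it grows past either cap."""
    dynamic, headers, used, pos = [], [], 0, 0     # dynamic table: newest entry first
    lookup = lambda i: STATIC[i] if i <= 61 else dynamic[i - 62]
    while pos < len(block):
        b = block[pos]
        if b & 0x80:                                 # indexed field: 1 byte on the wire
            idx, pos = _int(block, pos, 7)
            name, value = lookup(idx)
        elif (b & 0xE0) == 0x20:                     # dynamic table size update
            _, pos = _int(block, pos, 5)
            continue
        else:                                        # literal, with or without indexing
            idx, pos = _int(block, pos, 6 if b & 0x40 else 4)
            name, pos = (lookup(idx)[0], pos) if idx else _string(block, pos)
            value, pos = _string(block, pos)
        used += len(name) + len(value) + 32          # RFC 7540 section 6.5.2 accounting
        if used > max_header_list_size or len(headers) >= max_headers:
            raise HeaderBlockTooLarge(f"{used} bytes after {len(headers)} fields")
        headers.append((name, value))
        if (b & 0xC0) == 0x40:                       # incremental indexing: add to table
            dynamic.insert(0, (name, value))
    return headers
```

The check fires on the decoded size, not the bytes received, which is the property a reverse proxy in front of an unpatched server needs to enforce.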

The researchers also note a broader architectural lesson: HTTP/2's spec accounts for amplification ratios, but not for memory that stays pinned — and fixing one without the other leaves the door open.
