Shared from twixb · thehackernews.com

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

thehackernews.com·Jun 3, 2026

A new HTTP/2 bomb vulnerability has been discovered that can enable remote denial-of-service (DoS) attacks on multiple web servers, including NGINX, Apache, IIS, Envoy, and Cloudflare. This security flaw poses significant risks for server security and requires immediate attention from affected organizations.

The most valuable insight for you is the discovery of a new HTTP/2 Bomb vulnerability that affects major web servers like NGINX, Apache, IIS, Envoy, and Cloudflare, potentially leading to remote denial-of-service (DoS) attacks. This highlights the urgent need for updating your threat intelligence protocols to include monitoring and mitigation strategies for this vulnerability, ensuring your organization's servers are not susceptible to exploitation.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Want more content like this?

More from Cybersecurity News

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Pakistan Spies on Afghan Finance Ministry With Xeno RAT

Chinese hackers use new Atlas RAT malware in European cyberattacks

Attackers Use AI to Automate EDR Evasion Testing

U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors