/AI1d ago

Calif uses OpenAI's Codex to discover HTTP/2 Bomb vulnerability that pins 32GB of memory in 10 seconds

The remote DoS exploit affects Nginx, Apache, and Cloudflare.

451.6K3401.1K132.8K

Reposts

#812

Original post

Calif@calif_io

Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.

Blog post: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb

PoCs: https://github.com/califio/publications/tree/main/MADBugs/http2-bomb

12:23 PM · Jun 2, 2026 · 130.8K Views

/AI1d ago

Calif uses OpenAI's Codex to discover HTTP/2 Bomb vulnerability that pins 32GB of memory in 10 seconds

The remote DoS exploit affects Nginx, Apache, and Cloudflare.

--0--

Reposts

#812

Original post

Calif@calif_io

Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.

Blog post: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb

PoCs: https://github.com/califio/publications/tree/main/MADBugs/http2-bomb

12:23 PM · Jun 2, 2026 · 130.8K Views

Sentiment

Many users expressed alarm over the HTTP/2 Bomb vulnerability's ability to remotely exhaust RAM on servers like Nginx Apache and IIS while others reacted positively to the OpenAI Codex discovery with relief thanks and server updates.

Pos

36.4%

Neg

63.6%

12 comments with sentiment.

Cluster Engagement

Sentiment

Sentiment building, check back later.

Cluster Engagement

Views

Comments

Reposts

Bookmarks

Expand data

Posts from X

Most Activity

No ranked X posts are available for this story yet.