Apache HTTP Server: mod_http2 denial of service
CVE-2026-49975

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 8 June 2026

🔔 Create Apache Vulnerability Alert

Badges

🔥 Trending now📈 Trended📈 Score: 3,610👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2026-49975?

false

Affected Version(s)

Apache HTTP Server 2.4.17 <= 2.4.67

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-49975-HTTP-2-Bomb
Created by renzi25031469

News Articles

It Security News

CVE-2026-49975

IT Security News Hourly Summary 2026-06-04 21h : 6 posts - IT Security News

6 posts were published in the last hour 18:34 : Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience 18:34 : Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS 18:34 : Cybercriminals Shift From Fake Login Pages to…Read more →

4 days ago

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📈
Vulnerability started trending
Jun 8, 2026
🟡
Public PoC available
Jun 8, 2026
👾
Exploit known to exist
Jun 8, 2026
Vulnerability published
Jun 8, 2026
📰
First article discovered by It Security News
Jun 4, 2026
Vulnerability Reserved
Jun 2, 2026

Credit

Quang Luong of Calif.IO in collaboration with OpenAI Codex

CVE-2026-49975 Data

JSON