HTTP/2 Bomb Vulnerability Enables DoS Attacks on NGINX, Apache, and IIS3. June 2026CybersecurityHTTP/2 default configurations in NGINX, Apache, IIS, Envoy, and Cloudflare Pingora enable remote denial-of-service attacks. Share on: