Is CVE-2026-49160 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-49160 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-49160

CVE-2026-49160: Codex agent found an HTTP/2 DoS that crashes NGINX, Apache, IIS, Envoy, and Pingora.

2026

What WebPulse reported · 2 analyses

An AI Agent Found a Protocol-Level Vulnerability That Crashes Web Servers

CVE-2026-49160: Codex agent found an HTTP/2 DoS that crashes NGINX, Apache, IIS, Envoy, and Pingora.

June 22, 2026

The HTTP/2 Bomb: One Client, 32GB of Server Memory, 20 Seconds.

A new denial-of-service technique exploits how every major web server handles HTTP/2 headers. Legacy CMS servers running on tight memory budgets are the easiest

June 11, 2026

View CVE-2026-49160 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657