Ghostwire

CVE-2026-44909: Description A denial-of-service (DoS) vulnerability exists in some HTTP/2 server implementations that fail to adequately...

MEDIUM CVSS 0.0

Published: July 16, 2026 | Last Modified: July 16, 2026

Description

Description A denial-of-service (DoS) vulnerability exists in some HTTP/2 server implementations that fail to adequately limit resource consumption when buffering response data under stalled flow-control conditions. A remote, unauthenticated attacker can trigger memory exhaustion and service interruption by using standard flow-control parameters such as SETTINGS_INITIAL_WINDOW_SIZE = 0 to stall outbound data for multiple simultaneous request streams.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References