OpenAI Codex Chains Decade-Old DoS Attacks into New HTTP/2 Bomb Exploit

AI Security Research

OpenAI's Codex agent discovered a new denial‑of‑service attack by combining two decade‑old techniques into an HTTP/2 Bomb that can crash vulnerable servers in seconds from a single home computer. Nearly 880,000 websites may be affected.

The Discovery: An AI Agent Finds What Humans Missed for a Decade

OpenAI's Codex agent has discovered a new denial‑of‑service attack by chaining together two vulnerabilities that have been public for nearly a decade -- and the result can crash a vulnerable web server in seconds from a single home computer. Dubbed HTTP/2 Bomb, it was uncovered by researcher Quang Luong at security firm Calif, The Register reports. Both halves have been public for a decade. What Codex did was read the codebases, recognize that the two compose, and build the combined attack, the Calif team said. The combination is obvious once you see it, yet no human had put it together against these servers.

How HTTP/2 Bomb Works

The attack marries an HPACK compression bomb (CVE‑2016‑6581) -- exploiting HTTP/2 header compression to force rapid memory allocation -- with a Slowloris‑style hold (CVE‑2016‑8740) that keeps connections alive indefinitely. Combined, per [1], a home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds. Against Apache and Envoy, a single client can consume 32GB of server memory in roughly 20 seconds.

Who Is Affected and Who Is Patched

A Shodan query estimates that roughly 880,000 websites may be vulnerable. nginx is patched in 1.29.8. Apache is patched in mod_http2 v2.0.41 (CVE‑2026‑49975). An Envoy fix has been published. Microsoft IIS remains unpatched, with mitigations under investigation. Cloudflare Pingora: the vulnerability is disputed, with existing DDoS protections claimed to be sufficient.

Responsible Disclosure Timeline

In April, Calif disclosed the issue to nginx, which committed a fix the next day. Apache released a fix the same day. Envoy later provided patches. Calif used the public diffs to confirm that IIS, Envoy, and Pingora were also vulnerable. The PoC is at califio/publications, with full details at the Real World AI Security conference at Stanford.

What Developers Should Do Right Now

Update nginx to 1.29.8+, Apache mod_http2 to v2.0.41+, or apply the Envoy patches. IIS users should disable HTTP/2 if possible and enforce header caps. The broader lesson: Codex did not invent new techniques -- it connected dots humans walked past for a decade. As AI agents become more capable at codebase analysis, patch‑deployment velocity, not discovery speed, becomes the real bottleneck.
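To make the two defensive properties behind "How HTTP/2 Bomb Works" and "enforce header caps" concrete, here is an added example in Python. It is not code from the article, from Calif, or from any of the servers named above. It uses a constructed, simplified model of HPACK (a list of literal-and-index instructions rather than real bit-level encoding) to show why a decoder must budget the decoded header-list size rather than the compressed input, and a small connection table that caps connections per client and expires connections that stop making progress, the usual counter to a Slowloris-style hold. The 65536-byte budget, the 1000-byte padding header and the client address are constructed sample values.

```python
"""Defender-side checks against the two halves of the HTTP/2 Bomb.

Constructed, simplified model for illustration only (not real HPACK bit-level
encoding): a header block is a list of instructions that either add a literal
header to the dynamic table or reference an existing table entry by index.
The decoder enforces a budget on the *decoded* header-list size, counting each
entry as name + value + 32 octets as RFC 7541 section 4.1 does, so a tiny
compressed block cannot force unbounded allocation.  The connection table caps
connections per client and expires ones that stop making progress.
"""

ENTRY_OVERHEAD = 32  # RFC 7541 section 4.1 per-entry overhead


class HeaderListTooLarge(Exception):
    """Raised when the decoded header list would exceed the configured budget."""


def entry_size(name: str, value: str) -> int:
    return len(name.encode()) + len(value.encode()) + ENTRY_OVERHEAD


def decode_header_block(instructions, max_header_list_size):
    """Decode a simplified header block under a decoded-size budget.

    instructions: ("literal", name, value) adds the header to the dynamic table
    and emits it; ("indexed", i) emits dynamic table entry i (0 = newest).
    Raises HeaderListTooLarge as soon as the running total exceeds the budget,
    before any further entries are materialised.
    """
    dynamic_table = []  # newest entry first, as in HPACK
    headers = []
    total = 0
    for instr in instructions:
        if instr[0] == "literal":
            _, name, value = instr
            dynamic_table.insert(0, (name, value))
        elif instr[0] == "indexed":
            name, value = dynamic_table[instr[1]]
        else:
            raise ValueError(f"unknown instruction {instr[0]!r}")
        total += entry_size(name, value)
        if total > max_header_list_size:
            raise HeaderListTooLarge(
                f"decoded header list {total} > budget {max_header_list_size}")
        headers.append((name, value))
    return headers


def is_within_budget(instructions, max_header_list_size) -> bool:
    """True if the block decodes without tripping the budget."""
    try:
        decode_header_block(instructions, max_header_list_size)
        return True
    except HeaderListTooLarge:
        return False


def encoded_size_estimate(instructions) -> int:
    """Approximate wire cost in this toy model: a literal costs its name and
    value bytes plus two length prefixes; an indexed reference costs one byte."""
    cost = 0
    for instr in instructions:
        if instr[0] == "literal":
            cost += len(instr[1].encode()) + len(instr[2].encode()) + 2
        else:
            cost += 1
    return cost


class ConnectionTable:
    """Per-client connection cap plus an idle deadline for slow connections."""

    def __init__(self, max_per_client: int, idle_timeout: float):
        self.max_per_client = max_per_client
        self.idle_timeout = idle_timeout
        self.conns = {}  # conn_id -> (client, last_progress_time)

    def open(self, conn_id, client, now) -> bool:
        active = sum(1 for c, _ in self.conns.values() if c == client)
        if active >= self.max_per_client:
            return False  # refuse rather than let one client fill the table
        self.conns[conn_id] = (client, now)
        return True

    def progress(self, conn_id, now):
        """Record that the connection delivered a complete frame or header block."""
        client, _ = self.conns[conn_id]
        self.conns[conn_id] = (client, now)

    def reap(self, now):
        """Close and return connections idle longer than idle_timeout."""
        stale = [cid for cid, (_, last) in self.conns.items()
                 if now - last > self.idle_timeout]
        for cid in stale:
            del self.conns[cid]
        return stale


# Constructed sample inputs (illustrative values, not measurements from the article).
BENIGN_BLOCK = [("literal", ":method", "GET"), ("literal", ":path", "/"), ("indexed", 1)]
# One 1000-byte literal inserted once, then referenced 100 times by index.
BOMB_BLOCK = [("literal", "x-pad", "A" * 1000)] + [("indexed", 0)] * 100
BUDGET = 65536  # example budget, comparable in spirit to SETTINGS_MAX_HEADER_LIST_SIZE

if __name__ == "__main__":
    print("benign within budget:", is_within_budget(BENIGN_BLOCK, BUDGET))
    print("bomb within budget:", is_within_budget(BOMB_BLOCK, BUDGET))
    print("bomb encoded bytes (approx):", encoded_size_estimate(BOMB_BLOCK))
    table = ConnectionTable(max_per_client=2, idle_timeout=30)
    for cid in ("c1", "c2", "c3"):
        print(cid, "accepted:", table.open(cid, "198.51.100.7", now=0))
    print("reaped at t=31:", table.reap(now=31))
```

The point of the decoder is that the budget is checked against the running decoded total on every entry, so a block that costs about a kilobyte on the wire but expands to over a hundred kilobytes is rejected after the 64th entry rather than after allocation. The connection table shows the second half of the defence: a per-client cap bounds how many held connections one source can own, and a progress deadline (the time since the last complete frame, not since the connection was opened) is what actually evicts a Slowloris-style hold.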

The Bigger Picture: AI as Offensive Security Tool

This discovery lands shortly after OpenAI launched Codex Security -- an AI application security agent. The same capability that found HTTP/2 Bomb could theoretically be used by attackers. AI's ability to hold entire codebases in context and recognize compositional patterns is a capability humans lack at scale -- both a powerful defensive asset and a threat surface worth monitoring.

Sources

  1. The Register (theregister.com)
