OSS Funded Open source funding news, grants, sponsorships, and deal flow.
Published June 2, 2026 · Added June 5, 2026

Codex Discovered a Hidden HTTP/2 Bomb

Calif says OpenAI's Codex helped discover HTTP/2 Bomb, a denial-of-service exploit affecting default HTTP/2 configurations in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora by chaining HPACK compression amplification with a flow-control hold.

Calif says OpenAI’s Codex helped discover HTTP/2 Bomb, a denial-of-service exploit affecting default HTTP/2 configurations in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora by chaining HPACK compression amplification with a flow-control hold.

Read the original story.

Source: Calif