CVE-2026-59173

No Score

Description

A denial-of-service (DoS) vulnerability exists in some HTTP/2 server implementations that fail to adequately limit resource consumption when buffering response data under stalled flow-control conditions. A remote, unauthenticated attacker can trigger memory exhaustion and service interruption by using standard flow-control parameters such as SETTINGS_INITIAL_WINDOW_SIZE = 0 to stall outbound data for multiple simultaneous request streams.

References

https://kb.cert.org/vuls/id/885548

Details

Source: Mitre, NVD

Published: 2026-07-16