envoy http/2 exploit

The HTTP/2 Bomb: How a Zero-Byte Window Melts NGINX, Apache, and Envoy

Protect your web servers from the HTTP/2 Bomb vulnerability. Learn how a chained HPACK and Slowloris attack consumes 32GB of RAM and how to mitigate it.

William OGOU • Jun 4, 2026 • 8 min read

envoy http/2 exploit

The HTTP/2 Bomb: How a Zero-Byte Window Melts NGINX, Apache, and Envoy

Your Privacy Matters