Vulnerabilities
The Bugs AI Found This Week: an HTTP/2 'Bomb' and a Two-Year-Old Redis RCE
Two vulnerabilities disclosed this cycle were found by AI tooling: HTTP/2 Bomb (CVE-2026-49975), a remote DoS that crashes NGINX, Apache, IIS, Envoy and Cloudflare Pingora in default config, and CVE-2026-23479, a two-year-old authenticated RCE in Redis.