Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3875 articles · 175980 vulns · 37/41 feeds (7d)
← Back to list
7.5
CVE-2026-49788EXPLOITEDPATCHED
Microsoft · Windows 10 Version 1607

HTTP/2 Denial of Service Vulnerability

Description

Allocation of resources without limits or throttling in HTTP/2 allows an unauthorized attacker to deny service over a network.

Affected Products

VendorProductVersions
MicrosoftWindows 10 Version 160710.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftwindows 11 version 25h2mitre_affected90%
microsoftwindows 11 version 24h2mitre_affected90%
microsoftwindowsmitre_affected90%
microsoftwindows 10 version 21h2mitre_affected90%
microsoftwindows 10 versionmitre_affected90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49788(vendor-advisory, patch)

Related News (2 articles)

Tier C
VulDB5h ago
CVE-2026-49788 | Microsoft Windows up to Server 2025 HTTP/2 allocation of resources
→ No new info (linked only)
Tier A
Microsoft MSRC9h ago
CVE-2026-49788 HTTP/2 Denial of Service Vulnerability
→ No new info (linked only)
CVSS 3.17.5 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
10.0.14393.933910.0.17763.902010.0.19044.754810.0.19045.754810.0.26100.887510.0.26200.887510.0.28000.226910.0.20348.538610.0.26100.33158
CWECWE-770
PublishedJul 14, 2026
Last enriched6h agov2
Trending Score67
Source articles2
Independent2
Info Completeness9/14
Missing: title, epss, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-56155EXPKEV
Active Directory Federation Services Elevation of Privilege Vulnerability
Trending: 138
MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 135
HIGHCVE-2026-50656EXP
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 100
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 72
CRITICALCVE-2026-55040EXP
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
Trending: 72

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, exploitAvailable, activelyExploited
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v2
Last enriched 6h ago
v2Tier A6h ago

Added a detailed description of the vulnerability and marked it as actively exploited with an available exploit.

descriptionexploitAvailableactivelyExploited
via Microsoft MSRC
v16h ago

Initial creation