OpenAI Codex discovers critical HTTP/2 vulnerability CVE-2026-49975: a single client can exhaust server memory in seconds

The safety research team Calif and OpenAI Codex disclosed a high-severity denial-of-service vulnerability, CVE-2026-49975, in June 2026, naming it the