diff --git a/api/build.gradle b/api/build.gradle
index 582ed0ed4..b6fedb7a5 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -69,6 +69,7 @@ dependencies {
     implementation libs.apache.commons.compress
     implementation libs.okhttp3.logging.intercepter
     implementation libs.reactor.netty.http
+    implementation libs.netty.codec.http2
     // CVE Fixes End
 
     implementation libs.modelcontextprotocol.spring.webflux
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index c020b6f2d..94e022899 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -153,3 +153,5 @@ snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
 
 # CVE fixes
 reactor-netty-http = {module = 'io.projectreactor.netty:reactor-netty-http', version = '1.2.8'}
+# Fixes https://www.cve.org/CVERecord?id=CVE-2025-55163
+netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124.Final'}