diff -ru dnsdist-2.0.3.orig/dnsdist-nghttp2.cc dnsdist-2.0.3.CVE-2026-33596/dnsdist-nghttp2.cc
--- dnsdist-2.0.3.orig/dnsdist-nghttp2.cc 2026-03-12 16:00:00.000000000 +0100
+++ dnsdist-2.0.3.CVE-2026-33596/dnsdist-nghttp2.cc 2026-04-03 15:51:37.513669834 +0200
@@ -223,7 +223,7 @@
 bool DoHConnectionToBackend::reachedMaxStreamID() const
 {
 const uint32_t maximumStreamID = (static_cast(1) << 31) - 1;
- return d_highestStreamID == maximumStreamID;
+ return d_highestStreamID >= maximumStreamID;
 }
 
 bool DoHConnectionToBackend::reachedMaxConcurrentQueries() const
diff -ru dnsdist-2.0.3.orig/dnsdist-tcp-downstream.cc dnsdist-2.0.3.CVE-2026-33596/dnsdist-tcp-downstream.cc
--- dnsdist-2.0.3.orig/dnsdist-tcp-downstream.cc 2026-03-12 16:00:00.000000000 +0100
+++ dnsdist-2.0.3.CVE-2026-33596/dnsdist-tcp-downstream.cc 2026-04-03 15:51:37.513773421 +0200
@@ -892,6 +892,18 @@
 return done;
 }
 
+bool TCPConnectionToBackend::reachedMaxStreamID() const
+{
+ /* TCP/DoT has only 2^16 usable identifiers, DoH has 2^32 */
+ const uint32_t maximumStreamID = std::numeric_limits::max() - 1;
+ if (d_highestStreamID >= maximumStreamID) {
+ return true;
+ }
+
+ /* pending queries will need IDs, so we need to take them into account as well */
+ return (d_pendingQueries.size() >= (maximumStreamID - d_highestStreamID));
+}
+
 void setTCPDownstreamMaxIdleConnectionsPerBackend(uint64_t max)
 {
 DownstreamTCPConnectionsManager::setMaxIdleConnectionsPerDownstream(max);
diff -ru dnsdist-2.0.3.orig/dnsdist-tcp-downstream.hh dnsdist-2.0.3.CVE-2026-33596/dnsdist-tcp-downstream.hh
--- dnsdist-2.0.3.orig/dnsdist-tcp-downstream.hh 2026-03-12 16:00:00.000000000 +0100
+++ dnsdist-2.0.3.CVE-2026-33596/dnsdist-tcp-downstream.hh 2026-04-03 15:51:37.513843274 +0200
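Review bot: The DoH version of `reachedMaxStreamID()` still looks only at `d_highestStreamID`, while the TCP version added to dnsdist-tcp-downstream.cc by this same patch also reserves identifiers for `d_pendingQueries`. Whether DoHConnectionToBackend can hold queries that have not yet been given a stream ID is not visible in this hunk, so the asymmetry should be confirmed as intentional. A short comment above the return would record the reasoning, e.g. `/* >= rather than ==: stay "exhausted" even if the counter has moved past the limit */`.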
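Review bot: The subtraction `maximumStreamID - d_highestStreamID` in the final return of `TCPConnectionToBackend::reachedMaxStreamID()` is only safe because of the early return above it. `maximumStreamID` is a `uint32_t` (the type of `d_highestStreamID` is not shown), so without that guard the difference could wrap and the pending-queries comparison would effectively never fire. A comment on the guard would protect it from later cleanup, e.g. `/* must come first: keeps the unsigned subtraction below from wrapping */`. The carried-over comment says DoH has 2^32 identifiers, but the DoH limit in dnsdist-nghttp2.cc in this patch is `(1 << 31) - 1`, so `DoH has 2^31` would match the code. Since the body moved out of the header, `<limits>` must be reachable from this .cc file; its include list is outside the hunk.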
@@ -237,12 +237,7 @@
 return d_state == State::idle && d_pendingQueries.size() == 0 && d_pendingResponses.size() == 0;
 }
 
- bool reachedMaxStreamID() const override
- {
- /* TCP/DoT has only 2^16 usable identifiers, DoH has 2^32 */
- const uint32_t maximumStreamID = std::numeric_limits::max() - 1;
- return d_highestStreamID == maximumStreamID;
- }
+ bool reachedMaxStreamID() const override;
 
 bool reachedMaxConcurrentQueries() const override
 {