Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. “The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*),” the web infrastructure
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html
