A critical zero-day vulnerability in Cloudflare exposed a fundamental weakness in how security exceptions are handled at scale. The flaw allowed attackers to bypass Cloudflare’s Web Application Firewall (WAF) entirely and directly access protected origin servers by abusing a certificate validation endpoint. The issue was not caused by customer misconfiguration, but by a logic error in Cloudflare’s edge processing of ACME certificate validation traffic.
First seen on thecyberexpress.com
Jump to article: thecyberexpress.com/cloudflare-zero-day-waf-bypass-acme/
