Vulnerabilities Articles

3 articles

Related Tags

WAF(2)

Security(2)

Network Services(1)

Application Services(1)

Application Security(1)

(1)

Security Analytics(1)

Cloudflare

51 min read

Security•2026-03-09

Active defense: introducing a stateful vulnerability scanner for APIs

Cloudflare introduces a stateful Web and API Vulnerability Scanner in beta, starting with detection of Broken Object Level Authorization (BOLA) vulnerabilities.

Always-on detections: eliminating the WAF “log versus block” trade-off

This article introduces Cloudflare's always-on Attack Signature Detection framework that eliminates the traditional WAF trade-off between log visibility and block protection.

How we mitigated a vulnerability in Cloudflare’s ACME validation logic

Cloudflare disclosed and patched a WAF bypass vulnerability in their ACME HTTP-01 challenge validation logic, reported by FearsOff researchers in October 2025.