Links
Cloudflare has implemented new WAF rules to protect against a Remote Code Execution vulnerability affecting specific React versions and Next.js. All customers are automatically shielded as long as their traffic is routed through Cloudflare, but updating to React 19.2.1 and the latest Next.js versions is still recommended. Cloudflare's security team will monitor for potential attacks and adjust protections as needed.
Cloudflare experienced a widespread outage due to an update to its Web Application Firewall meant to address a vulnerability in React Server Components. The fix caused issues for various enterprise and consumer services, highlighting the risks of relying on single service providers.
The article details the rapid exploitation attempts against the React2Shell vulnerability (CVE-2025-55182) following its disclosure on December 3, 2025. Threat actors quickly used various tools to scan for and exploit vulnerable React Server Components across multiple regions, targeting significant organizations and critical infrastructure. It also mentions two other related vulnerabilities and Cloudflare's response to mitigate these risks.
Cloudflare addressed a flaw in its WAF that let attackers bypass security measures and access origin servers during ACME validation. The issue arose from a logic error that disabled WAF features for certain requests, potentially allowing unauthorized access. The company implemented a fix to ensure that WAF features remain active unless the request matches a valid ACME token.
Cloudflare's blog post discusses a recently discovered vulnerability in HTTP/2, dubbed "MadeYouReset," which could allow attackers to disrupt connections by causing server resets. The blog highlights the rapid mitigations implemented by Cloudflare to prevent potential exploitation of this vulnerability and emphasizes the importance of swift responses in maintaining web security.
Cloudflare's blog discusses the resolution of a request smuggling vulnerability found in their Pingora proxy. This vulnerability could have allowed attackers to manipulate server requests, emphasizing the importance of proactive security measures in web infrastructure. The article details the steps taken to identify and patch the issue effectively.