cloudflare

Top products

The 15 most recently published vulnerabilities affecting cloudflare.

• CVE-2026-11941Use-after-free in connection ID iterator and FFI functions5.6Jun 19, 2026
• CVE-2026-1229Incorrect calculation in CIRCL secp384r1 CombinedMult9.8Feb 24, 2026
• CVE-2026-0933OS Command Injection in `wrangler pages deploy`9.9Jan 20, 2026
• CVE-2025-13353gokey allows secret recovery from a seed file without the master password5.5Dec 2, 2025
• CVE-2025-7054Infinite loop triggered by connection ID retirement6.5Aug 7, 2025
• CVE-2025-4821Incorrect congestion window growth by invalid ACK ranges7.5Jun 18, 2025
• CVE-2025-4820Incorrect congestion window growth by optimistic ACK5.3Jun 18, 2025
• CVE-2025-6087SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint9.1Jun 16, 2025
• CVE-2025-4366Request Smuggling Vulnerability in Pingora6.1May 22, 2025
• CVE-2025-4144PKCE bypass via downgrade attack9.8May 1, 2025
• CVE-2025-4143Missing validation of redirect_uri on authorize endpoint6.1May 1, 2025
• CVE-2021-3978Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki7.5Jan 29, 2025
• CVE-2025-0651File symlink abuse might lead to deleting files belonging to SYSTEM user7.1Jan 22, 2025
• CVE-2024-1410Unbounded storage of information related to connection ID retirement, in quiche 3.7Mar 12, 2024
• CVE-2024-1765Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche5.9Mar 12, 2024