Cloudflare Security Vulnerabilities (CVEs)

Track 23 security vulnerabilities affecting Cloudflare products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

4 Critical
15 High
4 Medium
CVE-2026-1229 9.8

A cryptographic vulnerability in CIRCL's P-384 elliptic curve implementation produces incorrect CombinedMult results for specific inputs. This affects...

Feb 24, 2026
CVE-2026-0933 9.9

A command injection vulnerability in Wrangler's `pages deploy` command allows attackers who control the `--commit-hash` parameter to execute arbitrary...

Jan 20, 2026
CVE-2025-13353 5.5

A vulnerability in gokey versions before 0.2.0 causes passwords derived from seed files to use only 28 bytes of entropy instead of the intended 240 by...

Dec 2, 2025
CVE-2025-7054 6.5

CVE-2025-7054 is a denial-of-service vulnerability in Cloudflare's quiche QUIC implementation where an unauthenticated attacker can trigger an infinit...

Aug 7, 2025
CVE-2025-4820 5.3

This vulnerability in Cloudflare's quiche QUIC library allows attackers to manipulate congestion control, causing affected systems to send data faster...

Jun 18, 2025
CVE-2025-4821 7.5

CVE-2025-4821 is a vulnerability in Cloudflare's quiche QUIC library that allows unauthenticated remote attackers to manipulate congestion control, po...

Jun 18, 2025
CVE-2025-6087 9.1

A Server-Side Request Forgery (SSRF) vulnerability in the @opennextjs/cloudflare package allows unauthenticated attackers to proxy arbitrary remote co...

Jun 16, 2025
CVE-2025-4143 6.1

This CVE describes an OAuth redirect URI validation vulnerability in the workers-oauth-provider library used in Cloudflare's MCP framework. Attackers ...

May 1, 2025
CVE-2025-4144 9.8

This vulnerability allows attackers to bypass PKCE (Proof Key for Code Exchange) protection in the workers-oauth-provider component of Cloudflare's MC...

May 1, 2025
CVE-2021-3978 7.5

CVE-2021-3978 is a local privilege escalation vulnerability in Cloudflare's octorpki RPKI validator. When combined with another vulnerability that all...

Jan 29, 2025
CVE-2025-0651 7.1

A privilege escalation vulnerability in Cloudflare WARP for Windows allows low-privileged users to create symbolic links that cause the WARP service (...

Jan 22, 2025
CVE-2024-0212 8.1

The Cloudflare WordPress plugin has an improper authentication vulnerability that allows attackers with lower-privileged WordPress accounts to access ...

Jan 29, 2024
CVE-2023-7078 7.5

CVE-2023-7078 is a server-side request forgery (SSRF) vulnerability in Miniflare's development server that allows attackers to send arbitrary HTTP and...

Dec 29, 2023
CVE-2023-7080 8.5

This vulnerability in Cloudflare Wrangler's development server allowed arbitrary code execution within Workers sandbox via the V8 inspector. Attackers...

Dec 29, 2023
CVE-2023-4241 7.5

CVE-2023-4241 is a vulnerability in the lol-html HTML parsing library that causes panics (crashes) when processing certain malicious HTML inputs. This...

Aug 16, 2023
CVE-2023-2754 7.4

The Cloudflare WARP client for Windows incorrectly assigns Unique Local IPv6 addresses instead of loopback addresses for DNS servers when connected ov...

Aug 3, 2023
CVE-2023-1862 7.3

The Cloudflare WARP client for Windows had an insecure IPC Named Pipe that allowed unauthorized remote access. This enabled attackers to trigger WARP ...

Jun 20, 2023
CVE-2023-3036 8.6

A buffer overflow vulnerability in Cloudflare's cfnts NTP server allows remote attackers to trigger a denial-of-service panic by sending specially cra...

Jun 14, 2023
CVE-2023-0652 7.0

This vulnerability allows local attackers to escalate privileges by exploiting hardlink creation during the Cloudflare WARP client repair process. Att...

Apr 6, 2023
CVE-2023-1314 7.5

A local privilege escalation vulnerability in cloudflared's Windows 32-bit installer allows attackers without administrative rights to delete or repla...

Mar 21, 2023
CVE-2022-2225 8.1

CVE-2022-2225 allows non-admin users to bypass Cloudflare WARP's Zero Trust security policies by using warp-cli subcommands to disable network interfa...

Jul 26, 2022
CVE-2021-3907 7.4

OctoRPKI has a path traversal vulnerability where malicious repositories can write files outside the designated cache directory using '..' sequences i...

Nov 11, 2021
CVE-2021-3761 7.5

This vulnerability allows any Certificate Authority (CA) issuer in the Resource Public Key Infrastructure (RPKI) to trick OctoRPKI versions prior to 1...

Sep 9, 2021

Why Monitor Cloudflare Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 23+ known vulnerabilities affecting Cloudflare products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Cloudflare packages in under 60 seconds. No agents required - completely agentless scanning that works across Cloudflare deployments.

Free vulnerability database: Access detailed information about every Cloudflare CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Cloudflare CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions