Browse all 57 CVE security advisories affecting Cloudflare. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Cloudflare operates as a global content delivery network and distributed reverse proxy service, providing DDoS mitigation, web application firewall capabilities, and DNS resolution. Its infrastructure handles massive internet traffic, making it a critical component of modern web security. Historically, vulnerabilities in its software stack have frequently involved remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from complex configuration management or third-party dependencies. While the company maintains a robust security posture with extensive bug bounty programs, the sheer scale of its attack surface results in a significant number of recorded CVEs. Notable incidents have included configuration errors leading to temporary outages or data exposure, highlighting the challenges of maintaining security at such a vast operational scale. These events underscore the importance of rigorous internal security practices and continuous monitoring within large-scale distributed systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1229 | Incorrect calculation in CIRCL secp384r1 CombinedMult — CIRCLCWE-682 | 7.5AI | HighAI | 2026-02-24 |
| CVE-2023-1732 | Improper random reading in CIRCL — CIRCLCWE-20 | 5.3 | Medium | 2023-05-10 |
This page lists every published CVE security advisory associated with Cloudflare. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.