A WAF bypass technique was discovered where the request bypasses the WAF, allowing the payload to be set as a cookie without detection. This can lead to blocking of the victim by the WAF upon subsequent site visits. More details on the technical aspects of this bypass should be explored in a blogpost.
Check out the original tweet here: https://twitter.com/zhero___/status/1802942589038960712