A recent WAF bypass was discovered affecting Cloudflare WAF. The bypass payload used was '1'; cat /etc/passwd #' which allowed for remote code execution. This vulnerability poses a serious threat to websites protected by Cloudflare WAF. For more details, check out the blogpost.