A WAF rule has been rolled out for the Next.js auth bypass vulnerability (CVE-2025-29927) across all sites and plans. Monitoring is being done accordingly to ensure protection against this vulnerability. For technical details, refer to the CVE-2025-29927 advisory.
Original tweet: https://twitter.com/CloudflareDev/status/1903473860424368205