A bypass of the Vercel WAF was reported and made public just 2 days ago. The basic payload in the report was supposed to be blocked, but the Vercel WAF turned out to be vulnerable to the bypass. Even though the bypass attempt was quite simple, the WAF did not effectively stop it, which could allow attackers to reach the protected system. This suggests that the Vercel WAF may need to improve its defenses against such bypass attempts, especially for basic payloads that can exploit various web application vulnerabilities. Organizations using the Vercel WAF should be aware of this issue and consider additional security measures while waiting for vendor patches or updates.
https://twitter.com/broken_link420/status/1997670045208437154