This tweet discusses an urgent, critical WAF bypass affecting Cloudflare Managed Rules, which are widely used to protect web applications, including major financial targets. The bypass is severe enough to potentially expose sensitive data such as Personally Identifiable Information (PII) and biometrics. The user indicates they have a Proof of Concept (PoC) for the bypass and have sent it to Cloudflare's legal team for review, but their HackerOne account is restricted, which limits their ability to report securely through the usual bug bounty channels. The situation highlights a critical universal bypass vulnerability that affects Cloudflare's protection layer at the infrastructure level and poses risks to sensitive data. Reporting and addressing such vulnerabilities swiftly is vital to protect major targets from exploitation.
Original tweet: https://twitter.com/isujin933380/status/2033252333728190747