Known Vulnerabilities for products from Cloudflare
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cloudflare".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28798 json | Not Provided | 2026-04-03 | 2026-04-06 | |
| CVE-2026-2589 json | Not Provided | 2026-03-06 | 2026-04-08 | |
| CVE-2025-66104 json | Not Provided | 2025-12-18 | 2026-04-23 | |
| CVE-2025-22332 json | Not Provided | 2025-01-31 | 2026-04-23 | |
| CVE-2024-0212 json | 6.5 - MEDIUM | 2024-01-29 | 2024-02-02 | |
| CVE-2023-7080 json | 8 - HIGH | 2023-12-29 | 2024-01-05 | |
| CVE-2023-7079 json | 5.7 - MEDIUM | 2023-12-29 | 2024-01-05 | |
| CVE-2023-7078 json | 8.1 - HIGH | 2023-12-29 | 2024-01-05 | |
| CVE-2023-5135 json | Not Provided | 2023-09-27 | 2026-04-08 | |
| CVE-2023-4241 json | lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. | 7.5 - HIGH | 2023-08-16 | 2023-08-22 |
| CVE-2023-3766 json | A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries... | 5.9 - MEDIUM | 2023-08-03 | 2023-08-10 |
| CVE-2023-3747 json | Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can als... | 5.5 - MEDIUM | 2023-09-07 | 2023-09-13 |
| CVE-2023-3348 json | The Wrangler command line tool (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability... | 5.7 - MEDIUM | 2023-08-03 | 2023-08-29 |
| CVE-2023-3040 json | A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) c... | 7.5 - HIGH | 2023-06-14 | 2023-06-28 |
| CVE-2023-3036 json | An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/c... | 7.5 - HIGH | 2023-06-14 | 2023-06-27 |
| CVE-2023-2754 json | The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS serv... | 6.8 - MEDIUM | 2023-08-03 | 2023-08-09 |
| CVE-2023-2512 json | Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance co... | 8.1 - HIGH | 2023-05-12 | 2023-05-26 |
| CVE-2023-1862 json | Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binar... | 7.3 - HIGH | 2023-06-20 | 2023-06-29 |
| CVE-2023-1732 json | When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Rea... | 8.2 - HIGH | 2023-05-10 | 2023-05-17 |
| CVE-2023-1412 json | An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windo... | 7.8 - HIGH | 2023-04-05 | 2023-11-07 |
Known software with vulnerabilities from Cloudflare
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cloudflare | Warp | - |