Cloudflare CVE Vulnerabilities & CVE List (61)

Products (CPE): — CVEs: 61

Cloudflare vulnerability overview

Aggregates CVE and security vulnerability intelligence across all Cloudflare-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk input validation, vendor risk path handling, and vendor risk buffer overflow, with potential vendor impact application crash across vendor surface software deployment use cases.

Vulnerability distribution trend (last 24 months)

Showing 2140 of 61 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-7079 Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. [email protected] 6.4 0.70% 2023-12-29 2026-06-17
CVE-2023-7078 Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. [email protected] 7.5 0.55% 2023-12-29 2026-06-17
CVE-2023-6193 quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_ [email protected] 5.3 0.76% 2023-12-12 2026-06-17
CVE-2023-6180 The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. [email protected] 5.3 0.62% 2023-12-05 2026-06-17
CVE-2023-3747 Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running. [email protected] 5.5 0.18% 2023-09-07 2026-06-17
CVE-2023-0654 Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. [email protected] 3.9 0.20% 2023-08-29 2026-06-17
CVE-2023-0238 Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. [email protected] 3.9 0.20% 2023-08-29 2026-06-17
CVE-2023-4241 lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. [email protected] 7.5 0.57% 2023-08-16 2026-06-17
CVE-2023-3766 A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the s [email protected] 5.9 0.65% 2023-08-03 2026-06-17
CVE-2023-3348 The Wrangler command line tool  (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. [email protected] 5.7 0.70% 2023-08-03 2026-06-17
CVE-2023-2754 The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. [email protected] 7.4 0.75% 2023-08-03 2026-06-17
CVE-2023-1862 Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's devic [email protected] 7.3 0.75% 2023-06-20 2026-06-17
CVE-2023-3040 A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment. [email protected] 3.7 0.71% 2023-06-14 2026-06-17
CVE-2023-3036 An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71  enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents. [email protected] 8.6 2.24% 2023-06-14 2026-06-17
CVE-2023-2512 Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would most likely lead to a segmentation fault, but could theoretically allow arbitrary undefined behavior. In order for the bug to be exploitable, the process would need to be able to allocate 160GB of RAM. Due to this, the bug [email protected] 6.5 0.58% 2023-05-12 2026-06-17
CVE-2023-1732 When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the righ [email protected] 5.3 0.39% 2023-05-10 2026-06-17
CVE-2023-0652 Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges [email protected] 7.0 0.25% 2023-04-06 2026-06-17
CVE-2023-1412 An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair [email protected] 7.0 0.24% 2023-04-05 2026-06-17
CVE-2023-1314 A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory. An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the [email protected] 7.5 0.26% 2023-03-21 2026-06-17
CVE-2022-4457 Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. [email protected] 5.5 0.17% 2023-01-11 2026-06-17
cvelogic Threat Intelligence