Home » Tags

Acme

How we mitigated a vulnerability in Cloudflare's ACME validation logic

How we mitigated a vulnerability in Cloudflare's ACME validation logic

• How we mitigated a vulnerability in Cloudflareâ s ACME validation logic 2026-01-19 Hrushikesh Deshpande Andrew Mitchell Leland Garofalo This post was updated on January 20, 2026.

Engineering Blogs · January 19, 2026 (updated February 25, 2026) · 2 min · 265 words
How we mitigated a vulnerability in Cloudflare's ACME validation logic

How we mitigated a vulnerability in Cloudflare's ACME validation logic

• Security researchers uncovered a flaw in Cloudflare’s ACME HTTP‑01 challenge handling that disabled WAF protections on specific paths. • The vulnerability was reported via Cloudf