Cloudflare Patches WAF ACME Validation Bypass

Cloudflare patched a flaw in its web application firewall on October 27 that allowed attackers to bypass WAF rules and directly access origin servers. FearsOff researchers reported the ACME HTTP-01 validation logic bug in October; Cloudflare says customers need not take action after it corrected token-hostname verification. The issue could have enabled data theft or server takeover and raises concerns about automated, AI-driven exploitation.