ACME flaw in Cloudflare allowed attackers to reach origin servers

January 21, 2026 Yanac

Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path.Security AffairsRead More

Microsoft shares workaround for Outlook freezes after Windows update
Zeroport lands $10 million funding to scale secure remote access for critical infrastructure