The Cloudflare Blog

Subscribe to receive notifications of new posts:

New Magento WAF Rule – RCE Vulnerability Protection

2015-04-25

Peter Dumanian

1 min read

Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in the WAF Settings to enable protection immediately.

Both Magento version 1.9.1.0 CE and 1.14.1.0 EE are compromised by this vulnerability. CloudFlare WAF protection can help mitigate vulnerabilities like this, but it is vital that Magento users patch Magento immediately. Select and download the patch for SUPEE-5344.

Vulnerabilities WAF Rules Reliability WAF

Follow on X

Cloudflare|@cloudflare

June 09, 2026

Defend against frontier cyber models: Cloudflare's architecture as customer zero

In our post about Project Glasswing, we made the argument that the architecture around a vulnerability matters more than the speed of the patch. Here we walk through what that architecture looks like, the threats it defends against, and how we run it ourselves as Cloudflare's customer zero....

Security, AI, Threat Intelligence, Risk Management, Customer Zero, WAF, Zero Trust, Cloudforce One, Bot Management

June 08, 2026

Turning Cloudflare’s threat indicators into real-time WAF rules

Cloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time....

Security, WAF, Threat Intelligence, Cloudforce One, Product News

May 07, 2026

How Cloudflare responded to the “Copy Fail” Linux vulnerability

When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation....

Linux, Security, Incident Response, Kernel, Vulnerabilities, Mitigation, eBPF

May 06, 2026

When DNSSEC goes wrong: how we responded to the .de TLD outage

On May 5, 2026, DENIC published broken DNSSEC signatures for the .de TLD, making millions of domains unreachable. Here's what 1.1.1.1 saw, how serve stale cushioned the impact, and how we restored resolution....

DNS, DNSSEC, 1.1.1.1, Reliability, Outage