We are increasing the maximum request-payload size the WAF inspects to 1 MB across all plans. This enhancement strengthens our detection capabilities for React RCE (CVE-2025-55182) by ensuring the WAF can fully analyse React payloads up to their standard maximum size. Long term limits might change based on plans in the future.
Key Findings
React payloads commonly have a default maximum size of 1 MB. Cloudflare WAF previously inspected up to 128 KB on Enterprise plans, with even lower limits on other plans.
Impact
All WAF rules now evaluate up to 1 MB of request payload data, improving coverage and detection accuracy.
Source: Cloudflare
Latest Posts
- Power Apps – Content Security Policy enforcement for Power Apps code apps [MC1218747]
- Microsoft Teams: Organization evaluation score for apps and agents [MC1218713]
- (Updated) Microsoft 365 Copilot: Add web links as references in Copilot Notebooks [MC1193414]
- People Skills: AI skill inferencing expanded to E3/E5 licenses [MC1218711]
![External authentication methods (EAM) – Public preview update [MC1192252]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-pixabay-256150-96x96.webp "External authentication methods (EAM) – Public preview update [MC1192252] 6")
