We are increasing the maximum request-payload size the WAF inspects to 1 MB across all plans. This enhancement strengthens our detection capabilities for React RCE (CVE-2025-55182) by ensuring the WAF can fully analyse React payloads up to their standard maximum size. Long term limits might change based on plans in the future.
Key Findings
React payloads commonly have a default maximum size of 1 MB. Cloudflare WAF previously inspected up to 128 KB on Enterprise plans, with even lower limits on other plans.
Impact
All WAF rules now evaluate up to 1 MB of request payload data, improving coverage and detection accuracy.
Source: Cloudflare
Latest Posts
- Grok 4.3 from xAI now available in Amazon Bedrock
- Amazon FSx for OpenZFS now supports on-demand data replication across AWS opt-in Regions
- AWS Management Console Private Access now works without internet connectivity
- (Updated) Viva Engage: Email updates for frontline users without an active Exchange mailbox [MC1309743]
![External authentication methods (EAM) – Public preview update [MC1192252]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-pixabay-256150-96x96.webp "External authentication methods (EAM) – Public preview update [MC1192252] 6")
