We are increasing the maximum request-payload size the WAF inspects to 1 MB across all plans. This enhancement strengthens our detection capabilities for React RCE (CVE-2025-55182) by ensuring the WAF can fully analyse React payloads up to their standard maximum size. Long term limits might change based on plans in the future.
Key Findings
React payloads commonly have a default maximum size of 1 MB. Cloudflare WAF previously inspected up to 128 KB on Enterprise plans, with even lower limits on other plans.
Impact
All WAF rules now evaluate up to 1 MB of request payload data, improving coverage and detection accuracy.
Source: Cloudflare
Latest Posts
- MC1418559: Microsoft Bookings Retires EWS-Based Personal Bookings Controls and Moves Management to OWA Mailbox Policy

- MC1418558: Microsoft 365 Admin Center Focuses Taskbar Pinning on Copilot and Ends Companion App Pinning

- Amazon SageMaker Studio now integrates with Hugging Face for one-click model deployment and customization

- Amazon SageMaker HyperPod now supports disaggregated prefill and decode






