BotBeat
...
← Back

> ▌

CloudflareCloudflare
RESEARCHCloudflare2026-04-08

Security Researcher Demonstrates Chain of Self-XSS and CSRF Vulnerabilities in Cloudflare Access

Key Takeaways

  • ▸Three individually low-severity vulnerabilities (Self-XSS, Cookie Tossing, CSRF token weakness) can be chained into a critical bypass of Cloudflare Access approval mechanisms
  • ▸The attack demonstrates how 'informative' triaged bugs can become significant security issues when combined in creative ways
  • ▸Both the CF_Authorization cookie and CSRF token protections can be simultaneously undermined through the vulnerability chain
Source:
Hacker Newshttps://kazama.in/self-xss-to-cloudflare-single-click-approvals/↗

Summary

A security researcher has documented a sophisticated vulnerability chain affecting Cloudflare Access's Temporary Auth approval mechanism. The attack combines three individually low-severity bugs—a Self-XSS on the SAML SSO endpoint, cookie tossing vulnerability on the *.cloudflareaccess.com domain, and a predictable CSRF token—to achieve a single-click bypass of the access request approval flow. The vulnerabilities were reported through HackerOne to Cloudflare's security team.

The attack exploits the authentication and CSRF protection mechanisms that guard Cloudflare's Temporary Auth feature, which enforces approval-based access to protected applications. By chaining the three bugs together, an attacker can forge unauthorized access approvals without legitimate authorization. The researcher notes that after an initial fix was deployed, a second Self-XSS variant was discovered in Cloudflare's Browser Isolation feature, allowing the entire attack chain to be replayed, demonstrating the systemic nature of the vulnerability class.

  • A second variant in Browser Isolation suggests broader validation issues across Cloudflare's security infrastructure

Editorial Opinion

This disclosure highlights a critical lesson in vulnerability assessment: individually dismissing bugs as 'informative' or 'self-XSS' can obscure systemic security weaknesses when those bugs are carefully combined. The researcher's persistence in finding a chain after the initial fix—and discovering a second variant—suggests that organizations need to adopt more holistic security reviews that consider how low-impact vulnerabilities might interact. This case demonstrates why comprehensive security audits matter as much as individual bug fixes.

CybersecurityEthics & BiasAI Safety & Alignment

More from Cloudflare

CloudflareCloudflare
PARTNERSHIP

Cloudflare Launches Official AI Agent Integration with MCP Servers and Skills

2026-07-07
CloudflareCloudflare
OPEN SOURCE

Cloudflare Launches Agentic Inbox: Self-Hosted Email Client with Built-In AI Agent

2026-07-05
CloudflareCloudflare
INDUSTRY REPORT

Cloudflare Report: Agentic Internet Accelerates—50% of Web Traffic Now Non-Human

2026-07-02

Comments

Suggested

GPTZeroGPTZero
RESEARCH

GPTZero Investigation Exposes Widespread Hallucinated Citations in KPMG's Agentic AI Report

2026-07-09
Multiple AI CompaniesMultiple AI Companies
POLICY & REGULATION

UK Plans to Ban Romantic AI Chatbots for Under-18s; Researchers Question Scope and Age Threshold

2026-07-09
Google / AlphabetGoogle / Alphabet
UPDATE

Google Patches AI Chatbot Flaw That Could Expose Customer Conversations

2026-07-09
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us