CloudFlare Pingora
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in CloudFlare Pingora.
By the Year
In 2026 there have been 0 vulnerabilities in CloudFlare Pingora. Last year, in 2025 Pingora had 1 security vulnerability published. Right now, Pingora is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 6.10 |
It may take a day or so for new Pingora vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent CloudFlare Pingora Security Vulnerabilities
Pingora-Proxy Request Smuggling via Cache HITs (Fixed)
CVE-2025-4366
6.1 - Medium
- May 22, 2025
A request smuggling vulnerability identified within Pingoras proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff Impact: The issue could lead to request smuggling in cases where Pingoras proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for CloudFlare Pingora or by CloudFlare? Click the Watch button to subscribe.
