CloudFlare Warp Mobile Client
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in CloudFlare Warp Mobile Client.
By the Year
In 2026 there have been 0 vulnerabilities in CloudFlare Warp Mobile Client. Warp Mobile Client did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 4.60 |
| 2022 | 3 | 8.07 |
It may take a day or so for new Warp Mobile Client vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent CloudFlare Warp Mobile Client Security Vulnerabilities
Tapjacking VULN in WARP Mobile Client <6.29 for Android
CVE-2023-0654
3.7 - Low
- August 29, 2023
Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.
Clickjacking
Cloudflare WARP Mobile Client <=6.29 Android Task Manipulation
CVE-2023-0238
5.5 - Medium
- August 29, 2023
Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.
Cloudflare WARP iOS Lock Switch Bypass
CVE-2022-3322
7.5 - High
- October 28, 2022
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.
Improper Verification of Cryptographic Signature
Cloudflare WARP iOS: Delete VPN Profile Bypass Lock WARP Switch
CVE-2022-3337
8.5 - High
- October 28, 2022
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.
Authentication Bypass by Spoofing
WARP iOS Client Bypass of Lock WARP Switch via Dual-Network Disable
CVE-2022-3321
8.2 - High
- October 28, 2022
It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for CloudFlare Warp Mobile Client or by CloudFlare? Click the Watch button to subscribe.
