Cloudflare WAF False Positives

Resolved

This issue is now resolved.

Update

We have disabled the rule in question, and the rate of false positives is decreasing. We are monitoring.

Update

Cloudflare has identified an issue with the managed ruleset "Apache Camel - Remote Code Execution - CVE:CVE-2025-29891" which is potentially causing false positives. Customers can disable this rule by setting Action -> Log in the Cloudflare Dashboard. Other WAF rules are unaffected. We are currently working on a fix for this issue.