Cloudflare CDN vulnerability exposes user location data
/ 1 min read
🗺️ Cloudflare CDN vulnerability exposes user location through image sharing. A security researcher identified a flaw in Cloudflare’s content delivery network that can reveal a user’s general location by sending an image via apps like Signal and Discord. Although the attack does not provide precise street-level tracking, it can determine a user’s location within a 250-mile radius, raising privacy concerns for journalists and activists. The researcher disclosed the issue to Cloudflare, which has since patched the bug but acknowledged that similar attacks could still occur using alternative methods. While Cloudflare awarded the researcher a $200 bounty, both Signal and Discord declined to address the issue, citing it as a Cloudflare problem.
