VDB

GCVE-110-CLOUD-2022-0045

GCVE-110-CLOUD-2022-0045
Advisory Published
Vulnetix · Advisory published February 24, 2022
Cloud Armor has a documented limitation of 8 KB as the maximum size of web request that it will inspect. The default behavior of Cloud Armor in this case can allow oversized malicious requests to bypass Cloud Armor and directly reach an underlying application. Moreover, Cloud Armor does not warn users of this limitation during policy creation or when configuring rules from within the web UI, and can only find a reference to the 8 KB limit in the [Cloud Armor documentation](https://cloud.google.com/armor/docs/security-policy-overview).

Affected Products

VendorProductVersionsPlatforms
GCPCloud Armor
GCPCloud Services

References

advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›