In your Worker’s dashboard, there is now a dedicated Domains tab where you can purchase a new domain through Cloudflare Registrar and have it automatically connected, add an existing domain, and manage all of your Worker’s routing in one place.
The latest release of the Agents SDK brings more reliable chat recovery, fixes Agent state synchronization during reconnects, adds durable submissions for Think, exposes routing retry configuration, and adds connection control for Voice agents.
Chat recovery improvements
@cloudflare/ai-chat now keeps server turns running when a browser or client stream is interrupted. This is useful for long-running AI responses where users refresh the page, close a tab, or temporarily lose connection. Calling stop() still cancels the server turn.
Set cancelOnClientAbort: true if browser or client aborts should also cancel the server turn:
JavaScript
constchat=useAgentChat({
agent:"assistant",
name:"user-123",
cancelOnClientAbort: true,
});
TypeScript
constchat=useAgentChat({
agent:"assistant",
name:"user-123",
cancelOnClientAbort: true,
});
Notable bug fixes:
Chat stream resume negotiation no longer throws when replay races with a closed WebSocket connection.
Recovered chat continuations no longer leave useAgentChat stuck in a streaming state when the original socket disconnects before a terminal response.
Approval auto-continuation preserves reasoning parts and persists continuation reasoning in the final message.
isServerStreaming now resets correctly when a resumed stream moves from the fallback observer path to a transport-owned stream.
Agent state and routing fixes
[email protected] prevents duplicate initial state frames during WebSocket connection setup. This avoids stale initial state messages overwriting state updates already sent by the client.
Agent recovery is also more reliable when tool calls span a Durable Object restart. Recovery now defers user finish hooks until after agent startup and isolates hook failures, so one failed hook does not block other recovered runs from finalizing.
getAgentByName() now supports routingRetry for transient Durable Object routing failures:
@cloudflare/think now supports durable programmatic submissions. submitMessages() provides durable acceptance, idempotent retries, status inspection, cancellation, and cleanup for server-driven turns that should continue after the caller returns.
Think.chat() RPC turns now run inside chat recovery fibers and persist their stream chunks. Interrupted sub-agent turns can recover partial output instead of starting over.
ChatOptions.tools has been removed from the TypeScript API. Define durable tools on the child agent or use agent tools for orchestration. Runtime options.tools values passed by legacy callers are ignored with a warning.
Think message pruning behavior change
@cloudflare/think no longer applies pruneMessages({ toolCalls: "before-last-2-messages" }) to model context by default. The previous default could strip client-side tool results from longer multi-turn flows.
truncateOlderMessages still runs as before, so context cost remains bounded. Subclasses that relied on the old aggressive pruning can opt back in from beforeTurn:
JavaScript
import {Think} from "@cloudflare/think";
import {pruneMessages} from "ai";
exportclassMyAgentextendsThink{
beforeTurn(ctx){
return{
messages:pruneMessages({
messages:ctx.messages,
toolCalls:"before-last-2-messages",
}),
};
}
}
TypeScript
import {Think} from "@cloudflare/think";
import {pruneMessages} from "ai";
exportclassMyAgentextendsThink<Env>{
beforeTurn(ctx){
return{
messages:pruneMessages({
messages:ctx.messages,
toolCalls:"before-last-2-messages",
}),
};
}
}
Voice agent connection control
@cloudflare/voice adds an enabled option to useVoiceAgent. React apps can now delay creating and connecting a VoiceClient until prerequisites such as capability tokens are ready.
JavaScript
constvoice=useVoiceAgent({
agent:"MyVoiceAgent",
enabled:Boolean(token),
});
TypeScript
constvoice=useVoiceAgent({
agent:"MyVoiceAgent",
enabled:Boolean(token),
});
This release also fixes Workers AI speech-to-text session edge cases and withVoice text streaming from AI SDK textStream responses.
Other improvements
Streamable HTTP routing — Server-to-client requests now route through the originating POST stream when no standalone SSE stream is available.
Structured tool output — Tool output shapes are preserved when truncating older messages or oversized persisted rows.
Non-chat Think tool steps — Think agent-tool children can complete without emitting assistant text and can return structured output through getAgentToolOutput.
Sub-agent schedules — Stale sub-agent schedule rows are pruned when their owning facet registry entry no longer exists.
@cloudflare/codemode — Adds a browser-safe export with an iframe sandbox executor and resolves OpenAPI specs inside the sandbox to avoid Worker Loader RPC size limits.
Unified authentication card – All sign-in options (identity provider buttons, email input, OTP) now appear in a single card with consistent styling, replacing the previous multi-section layout.
Consistent button styling – Identity provider buttons use a uniform size and layout for easier scanning and selection.
Better mobile experience – Responsive layout improvements ensure the login page renders correctly on phones and tablets.
Dark mode support – The login page now supports dark mode.
Cloudflare Gateway now supports natural language policy creation for DNS, HTTP, and Network firewall policies. Administrators can describe the outcome they want in plain language, and Cloudflare will generate a complete policy rule that populates the policy builder form.
To create a policy with natural language, select Create with AI on any Gateway firewall policy tab. Choose a policy type, describe what the policy should do, and a fully configured rule will appear in the policy builder for review. You can edit any field before saving, or re-generate with a different prompt.
The generated policy incorporates your account context – including lists, DLP profiles, applications, and device posture checks – so that references to your existing resources resolve automatically.
A built-in feedback mechanism allows you to rate each generated policy and provide optional comments, which Cloudflare uses to improve output quality over time.
We are refreshing the Workers AI model catalog to make room for newer releases. Please update your apps to remove references to the models listed below before the deprecation date.
Recommended replacements
@cf/zai-org/glm-4.7-flash — fast multilingual model with multi-turn tool calling and coding capabilities.
We originally stated Kimi K2.5 would be deprecated on May 10, 2026, however we have extended the deprecation date to May 30, 2026. Requests will be automatically aliased to Kimi K2.6 on May 30, 2026, which has a higher price. Please review the @cf/moonshotai/kimi-k2.6 pricing and model capabilities prior to May 30, 2026 to ensure that the model suits your needs.
The -fast and -lora variants of models will remain active, including:
@cf/meta/llama-3.3-70b-instruct-fp8-fast
@cf/meta/llama-3.1-8b-instruct-fast
@cf/google/gemma-7b-it-lora
@cf/google/gemma-2b-it-lora
@cf/mistral/mistral-7b-instruct-v0.2-lora
@cf/meta-llama/llama-2-7b-chat-hf-lora
LoRA models may be deprecated in the future. We will be adding more LoRA capabilities to the catalog, and will communicate when new LoRA models come online to give users time to train new LoRAs before we deprecate old ones.
Multiple security vulnerabilities were disclosed by the React team and Vercel affecting React Server Components and Next.js. These include denial of service, middleware and proxy bypass, server-side request forgery, cross-site scripting, and cache poisoning issues across a range of severity levels.
We strongly recommend updating your application and its dependencies immediately. Patched versions are available for React (react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack19.0.6, 19.1.7, and 19.2.6) and Next.js (15.5.16 and 16.2.5).
WAF protections
Cloudflare WAF rules deployed in response to prior React Server Component CVEs (CVE-2025-55184 and CVE-2026-23864) already provide coverage for the newly disclosed denial-of-service vulnerabilities. These rules are enabled by default with a Block action for all customers using the Cloudflare Managed Ruleset, including Free plan customers using the Free Managed Ruleset.
The existing rules detect the underlying attack patterns generically. As a result, they apply to the new CVE-2026-23870 denial-of-service vulnerability in Server Components and the corresponding Next.js advisory GHSA-8h8q-6873-q5fj.
Cloudflare is investigating whether WAF rules can be safely and effectively deployed for three of the high-severity advisories: CVE-2026-23870 / GHSA-8h8q-6873-q5fj, GHSA-267c-6grr-h53f, and GHSA-mg66-mrh9-m8jx. If it is possible to create a managed WAF rule that mitigates these CVEs and does not potentially break application behavior, Cloudflare will add additional managed WAF rules. These rules will be announced through the WAF changelog. Because these vulnerabilities were shared with Cloudflare with minimal advance notice, we are still investigating what WAF mitigations are possible.
Several of the disclosed vulnerabilities are not possible to block in WAF. We strongly recommend updating your applications so they are not purely reliant on WAF mitigations.
Vinext:Vinext is a Vite plugin that reimplements the Next.js API surface. Vinext’s latest release is not vulnerable to any of the disclosed CVEs. Vinext’s architecture differs from stock Next.js in ways that sidestep the affected code paths. For example, it does not implement the PPR resume protocol, does not expose Pages Router data-route endpoints, and strips internal headers such as x-nextjs-data at request boundaries. As an extra layer of defense, we added a React 19.2.6 or later requirement when running vinext init (PR #1118, PR #1112) to prevent accidentally running a vulnerable version of React with Vinext.
OpenNext on Cloudflare: OpenNext is an adapter that lets you deploy Next.js apps to the Cloudflare Workers platform. OpenNext itself is not directly vulnerable to the React denial-of-service CVE, but users must update the Next.js version in their application. The OpenNext team has updated the adapter to further harden against these vectors and released a new version of the Cloudflare adapter. Test fixtures and examples have been updated to use patched versions (PR #1255).
Multiple security vulnerabilities were disclosed by the React team and Vercel affecting React Server Components and Next.js. These include denial of service, middleware and proxy bypass, server-side request forgery, cross-site scripting, and cache poisoning issues across a range of severity levels.
We strongly recommend updating your application and its dependencies immediately. Patched versions are available for React (react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack19.0.6, 19.1.7, and 19.2.6) and Next.js (15.5.16 and 16.2.5).
WAF protections
Cloudflare WAF rules deployed in response to prior React Server Component CVEs (CVE-2025-55184 and CVE-2026-23864) already provide coverage for the newly disclosed denial-of-service vulnerabilities. These rules are enabled by default with a Block action for all customers using the Cloudflare Managed Ruleset, including Free plan customers using the Free Managed Ruleset.
The existing rules detect the underlying attack patterns generically. As a result, they apply to the new CVE-2026-23870 denial-of-service vulnerability in Server Components and the corresponding Next.js advisory GHSA-8h8q-6873-q5fj.
Cloudflare is investigating whether WAF rules can be safely and effectively deployed for three of the high-severity advisories: CVE-2026-23870 / GHSA-8h8q-6873-q5fj, GHSA-267c-6grr-h53f, and GHSA-mg66-mrh9-m8jx. If it is possible to create a managed WAF rule that mitigates these CVEs and does not potentially break application behavior, Cloudflare will add additional managed WAF rules. These rules will be announced through the WAF changelog. Because these vulnerabilities were shared with Cloudflare with minimal advance notice, we are still investigating what WAF mitigations are possible.
Several of the disclosed vulnerabilities are not possible to block in WAF. We strongly recommend updating your applications so they are not purely reliant on WAF mitigations.
Vinext:Vinext is a Vite plugin that reimplements the Next.js API surface. Vinext’s latest release is not vulnerable to any of the disclosed CVEs. Vinext’s architecture differs from stock Next.js in ways that sidestep the affected code paths. For example, it does not implement the PPR resume protocol, does not expose Pages Router data-route endpoints, and strips internal headers such as x-nextjs-data at request boundaries. As an extra layer of defense, we added a React 19.2.6 or later requirement when running vinext init (PR #1118, PR #1112) to prevent accidentally running a vulnerable version of React with Vinext.
OpenNext on Cloudflare: OpenNext is an adapter that lets you deploy Next.js apps to the Cloudflare Workers platform. OpenNext itself is not directly vulnerable to the React denial-of-service CVE, but users must update the Next.js version in their application. The OpenNext team has updated the adapter to further harden against these vectors and released a new version of the Cloudflare adapter. Test fixtures and examples have been updated to use patched versions (PR #1255).
You can now export your Requests for Information (RFI) history to a CSV document and customize your dashboard view by choosing how many RFI records to load per page.
Why this matters
These quality-of-life updates focus on data portability and dashboard performance, allowing power users to manage high volumes of requests more efficiently:
The new CSV export allows you to move RFI data into external tools for custom reporting, internal auditing, or cross-referencing with other security projects without manual data entry
With adjustable page density, you can now choose to load more records at once (10, 25 or 50) to scan through history faster
You can now export your Requests for Information (RFI) history to a CSV document and customize your dashboard view by choosing how many RFI records to load per page.
Why this matters
These quality-of-life updates focus on data portability and dashboard performance, allowing power users to manage high volumes of requests more efficiently:
The new CSV export allows you to move RFI data into external tools for custom reporting, internal auditing, or cross-referencing with other security projects without manual data entry
With adjustable page density, you can now choose to load more records at once (10, 25 or 50) to scan through history faster
This emergency release introduces a new rule to detect Next.js App Router middleware and proxy bypass attempts via segment-prefetch routes (CVE-2026-44575).
Key Findings
CVE-2026-44575: Next.js Middleware / Proxy Bypass in App Router Applications via Segment-Prefetch Routes
Successful exploitation allows unauthenticated attackers to bypass middleware or proxy-based authorization checks in affected Next.js App Router applications. This leads to unauthorized access to protected content, potential exposure of sensitive application data, and compromise of application security boundaries.
We strongly recommend upgrading to Next.js 15.5.16 or 16.2.5 (or later) immediately to address the underlying vulnerability. If you cannot upgrade immediately, enforce authorization in the underlying route or page logic instead of relying solely on middleware.
Ruleset
Rule ID
Legacy Rule ID
Description
Previous Action
New Action
Comments
Cloudflare Managed Ruleset
1de95bf6d6374e1099854278e77e4a53
N/A
Next.js – Middleware Bypass via Invalid RSC Header – CVE:CVE-2026-44575
