Security researchers have published a new bypass for major Cloud Web Application Firewalls (WAFs) that leverages 'Chunked Transfer Encoding' anomalies. By splitting a malicious payload across multiple HTTP chunks with non-standard whitespace or casing in the headers, attackers can cause the WAF to see benign fragments while the backend server reassembles a full exploit string (e.g., SQL injection). This desynchronization attack exploits subtle differences in how HTTP proxies and web servers handle RFC-non-compliant headers. Organizations should configure WAFs to reject non-standard chunked encoding formats entirely to mitigate this risk.