Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.
https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj