WAF - WAF Release - 2026-03-02
This week's release introduces new detections for vulnerabilities in SmarterTools SmarterMail (CVE-2025-52691 and CVE-2026-23760), alongside improvements to an existing Command Injection (nslookup) detection to enhance coverage.

Key Findings

CVE-2025-52691: SmarterTools SmarterMail mail server is vulnerable to Arbitrary File Upload, allowing an unauthenticated attacker to upload files to any location on the mail server, potentially enabling remote code execution.

CVE-2026-23760: SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API that permits unauthenticated attackers to reset system administrator accounts, because the API fails to verify the existing password or a reset token.

Impact

Successful exploitation of these SmarterMail vulnerabilities could lead to full system compromise or unauthorized administrative access to mail servers. Administrators are strongly encouraged to apply vendor patches without delay.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 0f282f3c89614779966faf52966ec6b1 | N/A | SmarterMail - Arbitrary File Upload - CVE-2025-52691 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 35978af68e374a059e397bf5ee964a8c | N/A | SmarterMail - Authentication Bypass - CVE-2026-23760 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 4bb099bcd71141d4a35c1aa675b64d99 | N/A | Command Injection - Nslookup - Beta | Log | Block | This rule is merged into the original rule "Command Injection - Nslookup" (ID: f4a310393c564d50bd585601b090ba9a) |