
WAF - WAF Release - 2026-04-15

2mo ago

Source: Cloudflare, WAF - WAF Release - 2026-04-15 (cloudflare.com)
Snippet from the RSS feed
This week's release introduces a new detection for a critical Remote Code Execution (RCE) vulnerability in Mesop (CVE-2026-33057), alongside protections for high-impact vulnerabilities in Cisco Secure Firewall Management Center (CVE-2026-20079) and FortiClient EMS (CVE-2026-21643). Additionally, this release includes an update to our existing React Server DoS coverage to address recently identified resource exhaustion vectors (CVE-2026-23869).

Key Findings

Cisco Secure FMC (CVE-2026-20079): A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) that allows an unauthenticated, remote attacker to execute arbitrary commands or bypass security filters.

FortiClient EMS (CVE-2026-21643): A critical vulnerability in the FortiClient EMS permitting unauthorized access or administrative configuration manipulation via crafted HTTP requests.

Mesop (CVE-2026-33057): A vulnerability in the Mesop Python-based UI framework where unauthenticated attackers can execute arbitrary code by sending specially crafted, Base64-encoded payloads in the request body.

Impact

Successful exploitation of these vulnerabilities could allow unauthenticated attackers to execute arbitrary code, gain administrative control over network management infrastructure, or trigger server-side resource exhaustion. Administrators are strongly encouraged to apply official vendor updates.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | 7767165cda1841b8b6e5abb7aef9415b | N/A | Cisco Secure FMC - RCE via upgradeReadinessCall - CVE:CVE-2026-20079 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 3dd0b2b6f45c4bc08e49bf27ee7be621 | N/A | FortiClient EMS - Pre-Auth SQL Injection - CVE:CVE-2026-21643 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 0e3a6828906c4b24bad318a9c953a72b | N/A | Mesop - Remote Code Execution - Base64 Payload - CVE:CVE-2026-33057 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | d95aa5410d1b4e98bf7a59d150c08f6f | N/A | React Server - DOS - CVE:CVE-2026-23864 - 1 - Beta | Log | Block | This rule has been merged into the original rule "React Server - DOS - CVE:CVE-2026-23864 - 1" (ID: aaede80b4d414dc89c443cea61680354) |
| Cloudflare Managed Ruleset | 7d6757e8a28f4853a72b4ce6ebd81645 | N/A | XSS, HTML Injection - Link Tag - URI (beta) | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | 5e69d599ad634c81abe36a5f0af34bba | N/A | XSS, HTML Injection - Embed Tag - URI (beta) | N/A | Disabled | This is a new detection. |
