
WAF - WAF Release - 2026-05-04

2mo ago

Source

Cloudflare: WAF - WAF Release - 2026-05-04 (cloudflare.com)
Snippet from the RSS feed
This week's release focuses on new detections to expand coverage across command injection, SQL injection, PHP object injection, remote code execution, and XSS attack vectors.

Key Findings

Existing rule enhancements have been deployed to improve detection resilience against broad classes of web attacks and strengthen behavioral coverage.

Continuous Rule Improvements

We are continuously refining our managed rules to provide more resilient protection and deeper insights into attack patterns. To ensure an optimal security posture, we recommend consistently monitoring the Security Events dashboard and adjusting rule actions as these enhancements are deployed.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 607ec27233b54beb8b89386ef0884a68 | N/A | XSS, HTML Injection - Object Tag - Body (beta) | Log | Block | This is a new detection. This rule is merged into the original rule "XSS, HTML Injection - Object Tag" (ID: e9e3ac45a6d842f1a132fbf70c14e284). |
| Cloudflare Managed Ruleset | 0087c27420c54168a10bc05eff012303 | N/A | XSS, HTML Injection - Object Tag - Headers | Log | Block | This is a new detection. The rule previously known as "XSS, HTML Injection - Object Tag - Headers (beta)" is now renamed to "XSS, HTML Injection - Object Tag - Headers". |
| Cloudflare Managed Ruleset | 38dc97853ebf40ed9476ec7816f921d9 | N/A | XSS, HTML Injection - Object Tag - URI | Log | Block | This is a new detection. The rule previously known as "XSS, HTML Injection - Object Tag - URI (beta)" is now renamed to "XSS, HTML Injection - Object Tag - URI". |
| Cloudflare Managed Ruleset | 963cb530f72d4c75b2ae7befdc90d21a | N/A | Command Injection - Generic 9 - Body Vector - Beta | N/A | Disabled | This is a new detection. This rule is merged into the original rule "Command Injection - Generic 9 - Body Vector" (ID: 155bb67d1061479e995a38510677175f) |
| Cloudflare Managed Ruleset | 6ac1b6dfe22449a798cc7021f8960375 | N/A | Command Injection - Generic 9 - Header Vector - Beta | N/A | Disabled | This is a new detection. This rule is merged into the original rule "Command Injection - Generic 9 - Header Vector" (ID: b31c34a7b29b4aaf9be6883d1eb7a999) |
| Cloudflare Managed Ruleset | 47a9b66dd73a4a558590c4bdef47a800 | N/A | Command Injection - Generic 9 - URI Vector - Beta | N/A | Disabled | This is a new detection. This rule is merged into the original rule "Command Injection - Generic 9 - URI Vector" (ID: 54ad0465c30d4cd2ac7a707197321c6c) |
| Cloudflare Managed Ruleset | d2ae4a8093f245a1b9de71bbbeebf804 | N/A | Command Injection - Sleep - Body | N/A | Disabled | This is a new detection. The rule previously known as "Command Injection Sleep" is now renamed to "Command Injection - Sleep - Body". |
| Cloudflare Managed Ruleset | da91868c0d3d44afb846e7830d257566 | N/A | Command Injection - Sleep - Headers | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | 04863c61e982464b91778f051856fe86 | N/A | Command Injection - Sleep - URI | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | 9dc1a0b8dbb7425db619309be6e43c37 | N/A | Fortinet FortiSandbox - Command Injection - CVE:CVE-2026-39808 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | b84c10f5a8f84800905932dc88118795 | N/A | Remote Code Execution - Common Bash Bypass - Headers | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | f496c40011f14bfdb5f55ec79299d53b | N/A | Remote Code Execution - Common Bash Bypass - URI | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | a5f75abac2664554a984d061b0bf33f9 | N/A | Remote Code Execution - Common Bash Bypass - Body - Beta | N/A | Disabled | This is a new detection. This rule is merged into the original rule "Remote Code Execution - Common Bash Bypass Body" (ID: 6e2f7a696ea74c979e7d069cefb7e5b9). The rule previously known as "Remote Code Execution - Common Bash Bypass Beta" is now renamed to "Remote Code Execution - Common Bash Bypass Body". |
| Cloudflare Managed Ruleset | bbb31a886ab54f6c8cdd220d33bfe8b9 | N/A | PHP Object Injection - 2 - Body - Beta | N/A | Disabled | This is a new detection. This rule is merged into the original rule "PHP Object Injection - 2" (ID: 8ef3c3f91eef46919cc9cb6d161aafdc) |
| Cloudflare Managed Ruleset | e199688ab69746c88c33457f29552387 | N/A | PHP Object Injection - 2 - Headers | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | eb33d40e96c54e929af6ed9c8104f4c5 | N/A | PHP Object Injection - 2 - URI | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | 76b15b7b122a4be6a40d8aa96a46201e | N/A | SQLi - DROP - 2 - Beta | N/A | Disabled | This is a new detection. This rule is merged into the original rule "SQLi - DROP - 2" (ID: a967a167874b42b6898be46e48ac2221) |
| Cloudflare Managed Ruleset | e24b2ef4a5c54f97a62db7a68b7f85ee | N/A | SQLi - DROP - 2 - Headers | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | 51123f35f1d249358aea8fb11546b5f0 | N/A | SQLi - DROP - 2 - URI | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | d86d8873310d41f2877458a91e053dce | N/A | SmarterMail - Remote Code Execution - CVE:CVE-2026-24423 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 00da180570d34b5bae2121acd0023a36 | N/A | SQLi - SELECT Expression - Body | Block | Disabled | Action changed |
| Cloudflare Managed Ruleset | c46d9097c9ef419aa4d9f10626cc211f | N/A | SQLi - String Concatenation - URI | Block | Disabled | Action changed |
