This release adds targeted coverage for a path traversal flaw in Fortinet FortiSandbox (CVE-2026-39813) and transitions the Anomaly:Header:User-Agent – Fake Bing or MSN Bot rule action from Block to Disabled.
Key Findings
- CVE-2026-39813: A path traversal vulnerability in Fortinet FortiSandbox allows remote, unauthenticated attackers to read arbitrary files from the underlying filesystem due to insufficient validation of user-supplied input paths.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 32075e19b1494117ac5915e8d84c92c9 | N/A | Fortinet FortiSandbox – Path Traversal – CVE:CVE-2026-39813 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | ae20608d93b94e97988db1bbc12cf9c8 | N/A | Anomaly:Header:User-Agent – Fake Bing or MSN Bot | Enabled | Disabled | We are changing the action for this rule from BLOCK to Disabled |
Source: Cloudflare
Latest Posts
- Vectorize – Reduced end-to-end latency for vector changes

- MC1411144: Power Apps Adds CLI Commands to Discover and Create Connectors in Code Apps

- MC1411121: Dynamics 365 Customer Insights Adds Audience Targeting Using Signals from Previous Campaigns

- MC1411132: Power Automate Gets AI-Powered UI Automation Repair Agent for Desktop Flows






