This week’s release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), alongside targeted protection for an authentication bypass vulnerability in SolarWinds products (CVE-2025-40552). Additionally, this release includes a new generic detection rule designed to identify and block Cross-Site Scripting (XSS) injection attempts leveraging “OnEvent” handlers within HTTP cookies.
Key Findings
- MCP Server (CVE-2026-23744): A vulnerability in the Model Context Protocol (MCP) server implementation where malformed input payloads can trigger a memory corruption state, allowing for arbitrary code execution.
- SolarWinds (CVE-2025-40552): A critical flaw in the authentication module allows unauthenticated attackers to bypass security filters and gain unauthorized access to the management console due to improper identity token validation.
- XSS OnEvents Cookies: This generic rule identifies malicious event handlers (such as onload or onerror) embedded within HTTP cookie values.
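A minimal sketch of the kind of check the XSS OnEvents Cookies item describes, added here as an illustration; it is not Cloudflare's rule logic. The regex, function names and sample `Cookie` headers are constructed assumptions.

```python
import re
from urllib.parse import unquote

# "on" + event name + "=", preceded by a character that can separate HTML
# attributes. Requiring the delimiter avoids flagging values like "online=1".
ON_EVENT = re.compile(r"""[\s"'/<>]on[a-z]{3,20}\s*=""", re.IGNORECASE)


def parse_cookie_header(header):
    """Split a Cookie request header into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value.strip('"')))
    return pairs


def decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_cookies(header):
    """Names of cookies whose decoded value contains an on-event attribute."""
    return [name for name, value in parse_cookie_header(header)
            if ON_EVENT.search(decode(value))]


# Constructed sample Cookie headers (not real traffic).
SAMPLES = [
    "session=8f2c1a; theme=dark",
    "lang=en; pref=%22%20onerror%3Dalert(1)%20x%3D%22",
    "track=%2522%2520onload%253Dfoo()",
    "promo=condition=new; zone=online=1",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(flag_cookies(header) or "clean", "<-", header)
```

Decoding before matching is what catches the double-encoded third sample; matching the raw header alone would miss it.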
Impact
Successful exploitation of the MCP Server and SolarWinds vulnerabilities could allow unauthenticated attackers to execute arbitrary code or gain administrative control, leading to a full system takeover. Additionally, the new generic XSS detection prevents attackers from leveraging browser event handlers in cookies to hijack user sessions or execute malicious scripts.
| Ruleset | Rule ID | Legacy Rule ID | Previous Action | New Action | Description | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 73ae1cf103da4bacaa2e1a610aa410af | N/A | Log | Disabled | Generic Rules – Command Execution – 5 – Body | This is a new detection. |
| Cloudflare Managed Ruleset | a88a85b0cc5a4bc2abead6289131ec2f | N/A | Log | Disabled | Generic Rules – Command Execution – 5 – Header | This is a new detection. |
| Cloudflare Managed Ruleset | 28518cdc40544979bbd86720551eb9e5 | N/A | Log | Block | Generic Rules – Command Execution – 5 – URI | This is a new detection. |
| Cloudflare Managed Ruleset | 1177993d53a1467997002b44d46229eb | N/A | Log | Block | MCP Server – Remote Code Execution – CVE:CVE-2026-23744 | This is a new detection. |
| Cloudflare Managed Ruleset | 3d43cdfbc3c14584942f8bc4a864b9c2 | N/A | Log | Block | XSS – OnEvents – Cookies | This is a new detection. |
| Cloudflare Managed Ruleset | 41153470df2365192b0df74ca78ad04e | N/A | Log | Disabled | SQLi – Evasion – Body | This is a new detection. |
| Cloudflare Managed Ruleset | 64d812e6d5844d7c9d7a44a440732d48 | N/A | Log | Disabled | SQLi – Evasion – Headers | This is a new detection. |
| Cloudflare Managed Ruleset | 50de9369ef7c45928a5dfb34e68a99b5 | N/A | Log | Disabled | SQLi – Evasion – URI | This is a new detection. |
| Cloudflare Managed Ruleset | 765ffb5c67b94c9589106c843e8143d2 | N/A | Log | Disabled | SQLi – LIKE 3 – Body | This is a new detection. |
| Cloudflare Managed Ruleset | 5c3dbd4f115e47c781491fcd70e7fb97 | N/A | Log | Disabled | SQLi – LIKE 3 – URI | This is a new detection. |
| Cloudflare Managed Ruleset | 89fa6027a0334949b1cb2e654c538bd9 | N/A | Log | Disabled | SQLi – UNION – 2 – Body | This is a new detection. |
| Cloudflare Managed Ruleset | 05946b3458364f1b9d4819d561c439c9 | N/A | Log | Disabled | SQLi – UNION – 2 – URI | This is a new detection. |
| Cloudflare Managed Ruleset | b2fe5c2a39df4609b6d39908cf33ea10 | N/A | Log | Block | SolarWinds – Auth Bypass – CVE:CVE-2025-40552 | This is a new detection. |
Source: Cloudflare