This week’s release introduces a new detection for a critical Remote Code Execution (RCE) vulnerability in Mesop (CVE-2026-33057), alongside protections for high-impact vulnerabilities in Cisco Secure Firewall Management Center (CVE-2026-20079) and FortiClient EMS (CVE-2026-21643). Additionally, this release includes an update to our existing React Server DoS coverage to address recently identified resource exhaustion vectors (CVE-2026-23869).
Key Findings
- Cisco Secure FMC (CVE-2026-20079): A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) that allows an unauthenticated, remote attacker to execute arbitrary commands or bypass security filters.
- FortiClient EMS (CVE-2026-21643): A critical vulnerability in FortiClient EMS permitting unauthorized access or administrative configuration manipulation via crafted HTTP requests.
- Mesop (CVE-2026-33057): A vulnerability in the Mesop Python-based UI framework where unauthenticated attackers can execute arbitrary code by sending specially crafted, Base64-encoded payloads in the request body.
Impact
Successful exploitation of these vulnerabilities could allow unauthenticated attackers to execute arbitrary code, gain administrative control over network management infrastructure, or trigger server-side resource exhaustion. Administrators are strongly encouraged to apply official vendor updates.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 7767165cda1841b8b6e5abb7aef9415b | N/A | Cisco Secure FMC – RCE via upgradeReadinessCall – CVE:CVE-2026-20079 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 3dd0b2b6f45c4bc08e49bf27ee7be621 | N/A | FortiClient EMS – Pre-Auth SQL Injection – CVE:CVE-2026-21643 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 0e3a6828906c4b24bad318a9c953a72b | N/A | Mesop – Remote Code Execution – Base64 Payload – CVE:CVE-2026-33057 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | d95aa5410d1b4e98bf7a59d150c08f6f | N/A | React Server – DOS – CVE:CVE-2026-23864 – 1 – Beta | Log | Block | This rule has been merged into the original rule “React Server – DOS – CVE:CVE-2026-23864 – 1” (ID: aaede80b4d414dc89c443cea61680354). |
| Cloudflare Managed Ruleset | 7d6757e8a28f4853a72b4ce6ebd81645 | N/A | XSS, HTML Injection – Link Tag – URI (beta) | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | 5e69d599ad634c81abe36a5f0af34bba | N/A | XSS, HTML Injection – Embed Tag – URI (beta) | N/A | Disabled | This is a new detection. |
Source: Cloudflare