This release adds targeted coverage for a path traversal flaw in Fortinet FortiSandbox (CVE-2026-39813) and transitions the Anomaly:Header:User-Agent – Fake Bing or MSN Bot rule action from Block to Disabled.
Key Findings
- CVE-2026-39813: A path traversal vulnerability in Fortinet FortiSandbox allows remote, unauthenticated attackers to read arbitrary files from the underlying filesystem due to insufficient validation of user-supplied input paths.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 32075e19b1494117ac5915e8d84c92c9 | N/A | Fortinet FortiSandbox – Path Traversal – CVE:CVE-2026-39813 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | ae20608d93b94e97988db1bbc12cf9c8 | N/A | Anomaly:Header:User-Agent – Fake Bing or MSN Bot | Enabled | Disabled | We are changing the action for this rule from BLOCK to Disabled |
Source: Cloudflare
Latest Posts
- MC1411088: Copilot Studio Adds Custom Metrics for Analytics

- MC1411077: Dynamics 365 Field Service Adds Work Order Creation from Project Tasks and Enables Task-Based Billing

- MC1411079: Dynamics 365 Project Operations Adds Work Order Creation from Project Tasks

- MC1411066: Dynamics 365 Contact Center Adds Automated Shift Rotations for Workforce Coverage






