WAF – WAF Release – 2026-07-01

WAF – WAF Release – 2026-07-01

This release adds targeted coverage for a path traversal flaw in Fortinet FortiSandbox (CVE-2026-39813) and transitions the Anomaly:Header:User-Agent – Fake Bing or MSN Bot rule action from Block to Disabled.

Key Findings

  • CVE-2026-39813: A path traversal vulnerability in Fortinet FortiSandbox allows remote, unauthenticated attackers to read arbitrary files from the underlying filesystem due to insufficient validation of user-supplied input paths.
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset32075e19b1494117ac5915e8d84c92c9 N/AFortinet FortiSandbox – Path Traversal – CVE:CVE-2026-39813LogBlock

This is a new detection.

Cloudflare Managed Rulesetae20608d93b94e97988db1bbc12cf9c8 N/AAnomaly:Header:User-Agent – Fake Bing or MSN BotEnabledDisabled

We are changing the action for this rule from BLOCK to Disabled

Source: Cloudflare



Latest Posts

Pass It On
Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply