WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an updated signature for Magento 2 - Unrestricted File Upload. Alongside these detections, we are continuing our work on rule refinements to provide deeper security insights for our customers.
Key Findings
-
Apache ActiveMQ (CVE-2026-34197): A vulnerability in Apache ActiveMQ allows an unauthenticated, remote attacker to execute arbitrary code. This flaw occurs during the processing of specially crafted network packets, leading to potential full system compromise.
-
Magento 2 - Unrestricted File Upload - 2: This is a follow-up enhancement to our existing protections for Magento and Adobe Commerce.
Impact
Successful exploitation of these vulnerabilities could allow unauthenticated attackers to execute arbitrary code or gain full administrative control over affected servers. We strongly recommend applying official vendor patches for Apache ActiveMQ and Magento to address the underlying vulnerabilities.
Continuous Rule Improvements
We are continuously refining our managed rules to provide more resilient protection and deeper insights into attack patterns. To ensure an optimal security posture, we recommend consistently monitoring the Security Events dashboard and adjusting rule actions as these enhancements are deployed.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | N/A | Command Injection - Generic 8 - uri | Log | Block | This is a new detection. Previous description was "Command Injection - Generic 8 - uri - Beta" | |
| Cloudflare Managed Ruleset | N/A | Command Injection - Generic 8 - body | Disabled | Disabled | Rule metadata description refined. Previous description was
"Command Injection - Generic 8" (ID:
| |
| Cloudflare Managed Ruleset | N/A | Command Injection - Generic 8 - body - Beta | Disabled | Disabled | This is a new detection. This rule is merged into the original rule
"Command Injection - Generic 8 - body" (ID:
| |
| Cloudflare Managed Ruleset | N/A | MySQL - SQLi - Executable Comment - Body | Block | Block | Rule metadata description refined. Previous description was
"MySQL - SQLi - Executable Comment" (ID:
| |
| Cloudflare Managed Ruleset | N/A | MySQL - SQLi - Executable Comment - Beta | Log | Block | This is a new detection. This rule is merged into the original rule
"MySQL - SQLi - Executable Comment - Body" (ID:
| |
| Cloudflare Managed Ruleset | N/A | MySQL - SQLi - Executable Comment - Headers | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | MySQL - SQLi - Executable Comment - URI | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | Magento 2 - Unrestricted file upload - 2 | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | Apache ActiveMQ - Remote Code Execution - CVE:CVE-2026-34197 | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | SQLi - Sleep Function - Beta | Log | Block | This is a new detection. This rule is merged into the original rule
"SQLi - Sleep Function" (ID:
| |
| Cloudflare Managed Ruleset | N/A | SQLi - Sleep Function - Headers | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | SQLi - Sleep Function - URI | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | SQLi - Probing - uri | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | SQLi - Probing - header | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | SQLi - Probing - body | Disabled | Disabled | This is a new detection. This rule is merged into the original rule
"SQLi - Probing" (ID: | |
| Cloudflare Managed Ruleset | N/A | SQLi - Probing 2 | Disabled | Disabled | This rule had duplicate detection logic and has been deprecated. | |
| Cloudflare Managed Ruleset | N/A | SQLi - UNION in MSSQL - Body | Disabled | Disabled | This rule has been renamed to differentiate from "SQLi - UNION in MSSQL" (ID: | |
| Cloudflare Managed Ruleset | N/A | SQLi - UNION - 3 | Disabled | Disabled | This rule had duplicate detection logic and has been deprecated. | |
| Cloudflare Managed Ruleset | N/A | XSS, HTML Injection - Embed Tag - URI | Disabled | Disabled | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | XSS, HTML Injection - Embed Tag - Headers | Log | Block | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | XSS, HTML Injection - IFrame Tag - Src and Srcdoc Attributes - Headers | Log | Disabled | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | XSS, HTML Injection - Link Tag - Headers | Log | Disabled | This is a new detection. | |
| Cloudflare Managed Ruleset | N/A | XSS, HTML Injection - Link Tag - URI | Disabled | Disabled | This is a new detection. |