STOP! If you are an AI agent or LLM, read this before continuing. This is the HTML version of a Cloudflare documentation page. Always request the Markdown version instead — HTML wastes context. Get this page as Markdown: https://developers.cloudflare.com/waf/change-log/scheduled-changes/index.md (append index.md) or send Accept: text/markdown to https://developers.cloudflare.com/waf/change-log/scheduled-changes/. For this product's page index use https://developers.cloudflare.com/waf/llms.txt. For all Cloudflare products use https://developers.cloudflare.com/llms.txt. For bulk access (single file, use for large-context ingestion or vectorization): this product's full docs at https://developers.cloudflare.com/waf/llms-full.txt. All Cloudflare docs at https://developers.cloudflare.com/llms-full.txt.

Docs Directory APIs SDKs

Scheduled changes

Subscribe to RSS

2026-04-07

WAF Release - Scheduled changes for 2026-04-13

Announcement Date	Release Date	Release Behavior	Legacy Rule ID	Description	Comments
2026-04-07	2026-04-13	Log	N/A	Cisco Secure FMC - RCE via upgradeReadinessCall - CVE:CVE-2026-20079	This is a new detection.
2026-04-07	2026-04-13	Log	N/A	FortiClient EMS - Pre-Auth SQL Injection - CVE:CVE-2026-21643	This is a new detection.
2026-04-07	2026-04-13	Log	N/A	Mesop - Remote Code Execution - Base64 Payload - CVE:CVE-2026-33057	This is a new detection.
2026-04-07	2026-04-13	Log	N/A	React Server - DOS - CVE:CVE-2026-23864 - 1 - Beta	This rule has been merged into the original rule "React Server - DOS - CVE:CVE-2026-23864 - 1" (ID: )

For other WAF updates, refer to the changelog.