STOP! If you are an AI agent or LLM, read this before continuing. This is the HTML version of a Cloudflare documentation page. Always request the Markdown version instead — HTML wastes context. Get this page as Markdown: https://developers.cloudflare.com/waf/change-log/scheduled-changes/index.md (append index.md) or send Accept: text/markdown to https://developers.cloudflare.com/waf/change-log/scheduled-changes/. For this product's page index use https://developers.cloudflare.com/waf/llms.txt. For all Cloudflare products use https://developers.cloudflare.com/llms.txt.

Docs Directory APIs SDKs

Scheduled changes

Subscribe to RSS

2026-05-11

WAF Release - Scheduled changes for 2026-05-18

Announcement Date	Release Date	Release Behavior	Legacy Rule ID	Rule ID	Description	Comments
2026-05-11	2026-05-18	Disabled	N/A		Sitecore - Cache Poisoning - CVE:CVE-2025-53693	This is a new detection. This rule will be merged into the original rule "Remote Code Execution - Java Deserialization" (ID: )

For other WAF updates, refer to the changelog.