Scheduled changes
WAF Release - Scheduled changes for 2026-05-04
| Announcement Date | Release Date | Release Behavior | Legacy Rule ID | Rule ID | Description | Comments |
|---|---|---|---|---|---|---|
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Command Injection - Generic 9 - Body Vector - Beta | This is a new detection. This rule will be merged into the original rule
"Command Injection - Generic 9 - Body Vector" (ID:
| |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Command Injection - Generic 9 - Header Vector - Beta | This is a new detection. This rule will be merged into the original rule
"Command Injection - Generic 9 - Header Vector" (ID:
| |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Command Injection - Generic 9 - URI Vector - Beta | This is a new detection. This rule will be merged into the original rule
"Command Injection - Generic 9 - URI Vector" (ID:
| |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Command Injection - Sleep - Beta | This is a new detection. This rule will be merged into the original rule
"Command Injection - Sleep" (ID:
| |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Command Injection - Sleep - Headers | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Command Injection - Sleep - URI | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Fortinet FortiSandbox - Command Injection - CVE:CVE-2026-39808 | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Log | N/A | SmarterMail - Remote Code Execution - CVE:CVE-2026-24423 | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | SQLi - DROP - 2 - URI | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | SQLi - DROP - 2 - Headers | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | SQLi - DROP - 2 - Beta | This is a new detection. This rule will be merged into the original rule
"SQLi - DROP - 2" (ID:
| |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | PHP Object Injection - 2 - URI | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | PHP Object Injection - 2 - Headers | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | PHP Object Injection - 2 - Body - Beta | This is a new detection. This rule will be merged into the original rule
"PHP Object Injection - 2" (ID:
| |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Remote Code Execution - Common Bash Bypass - Body - Beta | This is a new detection. This rule will be merged into the original rule
"Remote Code Execution - Common Bash Bypass" (ID:
| |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Remote Code Execution - Common Bash Bypass - URI | This is a new detection. | |
| 2026-04-27 | 2026-05-04 | Disabled | N/A | Remote Code Execution - Common Bash Bypass - Headers | This is a new detection. | |
| 2026-04-21 | 2026-05-04 | Log | N/A | XSS, HTML Injection - Object Tag - Body (beta) | This is a new detection. | |
| 2026-04-21 | 2026-05-04 | Log | N/A | XSS, HTML Injection - Object Tag - Headers (beta) | This is a new detection. | |
| 2026-04-21 | 2026-05-04 | Log | N/A | XSS, HTML Injection - Object Tag - URI (beta) | This is a new detection. |
For other WAF updates, refer to the changelog.