This week's release introduces a new detection for a critical Remote Code Execution (RCE) vulnerability in Mesop (CVE-2026-33057), alongside protections for high-impact vulnerabilities in Cisco Secure Firewall Management Center (CVE-2026-20079) and FortiClient EMS (CVE-2026-21643). Additionally, this release includes an update to our existing React Server DoS coverage to address recently identified resource exhaustion vectors (CVE-2026-23869).
Key Findings
Cisco Secure FMC (CVE-2026-20079): A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) that allows an unauthenticated, remote attacker to execute arbitrary commands or bypass security filters.
FortiClient EMS (CVE-2026-21643): A critical vulnerability in FortiClient EMS that permits unauthorized access or manipulation of administrative configuration via crafted HTTP requests.
Mesop (CVE-2026-33057): A vulnerability in the Mesop Python-based UI framework where unauthenticated attackers can execute arbitrary code by sending specially crafted, Base64-encoded payloads in the request body.
Impact
Successful exploitation of these vulnerabilities could allow unauthenticated attackers to execute arbitrary code, gain administrative control over network management infrastructure, or trigger server-side resource exhaustion. Administrators are strongly encouraged to apply official vendor updates.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | 7767165cda1841b8b6e5abb7aef9415b | N/A | Cisco Secure FMC - RCE via upgradeReadinessCall - CVE:CVE-2026-20079 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 3dd0b2b6f45c4bc08e49bf27ee7be621 | N/A | FortiClient EMS - Pre-Auth SQL Injection - CVE:CVE-2026-21643 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 0e3a6828906c4b24bad318a9c953a72b | N/A | Mesop - Remote Code Execution - Base64 Payload - CVE:CVE-2026-33057 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | d95aa5410d1b4e98bf7a59d150c08f6f | N/A | React Server - DOS - CVE:CVE-2026-23864 - 1 - Beta | Log | Block | This rule has been merged into the original rule "React Server - DOS - CVE:CVE-2026-23864 - 1" (ID: aaede80b4d414dc89c443cea61680354) |
| Cloudflare Managed Ruleset | 7d6757e8a28f4853a72b4ce6ebd81645 | N/A | XSS, HTML Injection - Link Tag - URI (beta) | N/A | Disabled | This is a new detection. |
| Cloudflare Managed Ruleset | 5e69d599ad634c81abe36a5f0af34bba | N/A | XSS, HTML Injection - Embed Tag - URI (beta) | N/A | Disabled | This is a new detection. |
Fetched April 15, 2026