releases.shpreview

Fortinet path traversal covered; false‑positive bot rule disabled

1 feature1 fixThis release1 featureNew capabilities1 fixBug fixesAI-tallied from the release notes

This release adds targeted coverage for a path traversal flaw in Fortinet FortiSandbox (CVE-2026-39813) and transitions the Anomaly:Header:User-Agent - Fake Bing or MSN Bot rule action from Block to Disabled.

Key Findings

  • CVE-2026-39813: A path traversal vulnerability in Fortinet FortiSandbox allows remote, unauthenticated attackers to read arbitrary files from the underlying filesystem due to insufficient validation of user-supplied input paths.

Ruleset

Rule ID

Legacy Rule ID

Description

Previous Action

New Action

Comments

Cloudflare Managed Ruleset

32075e19b1494117ac5915e8d84c92c9

N/A

Fortinet FortiSandbox - Path Traversal - CVE:CVE-2026-39813

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

ae20608d93b94e97988db1bbc12cf9c8

N/A

Anomaly:Header:User-Agent - Fake Bing or MSN Bot

Enabled

Disabled

We are changing the action for this rule from BLOCK to Disabled

Fetched July 1, 2026