Emergency WAF rules block critical RCE and SQLi attacks
This emergency release adds a new managed rule to block active exploitation of a critical remote code execution (RCE) and SQL injection (SQLi) vulnerability found in popular web frameworks.
Key Findings
-
Generic Frameworks - Unauthenticated RCE: Attackers can execute arbitrary system commands with web server privileges by sending malicious input containing invalid path sequences during request processing.
-
Generic Frameworks - SQLi: Attackers can execute unauthorized database queries due to a failure to sanitize input values within request parameters.
Ruleset
Rule ID
Legacy Rule ID
Description
Previous Action
New Action
Comments
Cloudflare Managed Ruleset
7dfb2bd4708d4b88b9911dc0550664b6
N/A
Generic Rules - Unauthenticated RCE
N/A
Block
This is a new detection.
Cloudflare Managed Ruleset
1c060d3a371549219ee290d7ed933fcc
N/A
Generic Rules - SQLi
N/A
Block
This is a new detection.
Cloudflare Free Ruleset
ebd3f2df15c74ddcbf6220c9b5ec246a
N/A
Generic Rules - Unauthenticated RCE
N/A
Block
This is a new detection.
Cloudflare Free Ruleset
db003b39b7774859a8d588ce33697a1a
N/A
Generic Rules - SQLi
N/A
Block
This is a new detection.
Fetched July 17, 2026
