releases.shpreview
CloudflareCloudflare/Application Security

WAF - WAF Release - 2026-04-21

April 21, 2026Application Security ChangelogView original ↗

This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an updated signature for Magento 2 - Unrestricted File Upload. Alongside these detections, we are continuing our work on rule refinements to provide deeper security insights for our customers.

Key Findings

  • Apache ActiveMQ (CVE-2026-34197): A vulnerability in Apache ActiveMQ allows an unauthenticated, remote attacker to execute arbitrary code. This flaw occurs during the processing of specially crafted network packets, leading to potential full system compromise.

  • Magento 2 - Unrestricted File Upload - 2: This is a follow-up enhancement to our existing protections for Magento and Adobe Commerce.

Impact

Successful exploitation of these vulnerabilities could allow unauthenticated attackers to execute arbitrary code or gain full administrative control over affected servers. We strongly recommend applying official vendor patches for Apache ActiveMQ and Magento to address the underlying vulnerabilities.

Continuous Rule Improvements

We are continuously refining our managed rules to provide more resilient protection and deeper insights into attack patterns. To ensure an optimal security posture, we recommend consistently monitoring the Security Events dashboard and adjusting rule actions as these enhancements are deployed.

Ruleset

Rule ID

Legacy Rule ID

Description

Previous Action

New Action

Comments

Cloudflare Managed Ruleset

ff8df24181aa4573a81be531ee159e2e

N/A

Command Injection - Generic 8 - uri

Log

Block

This is a new detection. Previous description was "Command Injection - Generic 8 - uri - Beta"

Cloudflare Managed Ruleset

9429b63c137247faadeb8a29a15308cf

N/A

Command Injection - Generic 8 - body - Beta

Disabled

Disabled

This is a new detection. This rule is merged into the original rule "Command Injection - Generic 8 - body" (ID: 5b3ce84c099040c6a25cee2d413592e2 ). The rule previously known as "Command Injection - Generic 8" is now renamed to "Command Injection - Generic 8 - body".

Cloudflare Managed Ruleset

85aaf5db9e0c4237b87e837e958047ed

N/A

MySQL - SQLi - Executable Comment - Beta

Log

Block

This is a new detection. This rule is merged into the original rule "MySQL - SQLi - Executable Comment - Body" (ID: 8629bb58defe4193ab4d493c7bd2d8fa ) The rule previously known as "MySQL - SQLi - Executable Comment" is now renamed to "MySQL - SQLi - Executable Comment - Body".

Cloudflare Managed Ruleset

d19cd574c4644952881a6f3a582cc559

N/A

MySQL - SQLi - Executable Comment - Headers

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

407f9ec8a17348dfba3b9450a16639d3

N/A

MySQL - SQLi - Executable Comment - URI

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

d07e6dbf15664b99b37b0d2544f24211

N/A

Magento 2 - Unrestricted file upload - 2

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

26ef21cb197b44fc8a98b7cebf170a17

N/A

Apache ActiveMQ - Remote Code Execution - CVE:CVE-2026-34197

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

7f7bc3d28a8e43bf97bd15d68c2ac1a7

N/A

SQLi - Sleep Function - Beta

Log

Block

This is a new detection. This rule is merged into the original rule "SQLi - Sleep Function" (ID: 2c333735f7b24566b17cb64ef77e8d54 )

Cloudflare Managed Ruleset

3872e5638bdf4bf0943a80394dacaeb8

N/A

SQLi - Sleep Function - Headers

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

bebce8fadfa94ccab09eb74fed4c9ece

N/A

SQLi - Sleep Function - URI

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

7a40eed5a8654a50a2598a821dfa64df

N/A

SQLi - Probing - uri

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

15c6b2ce033949b2a1a9f9454c62e2e7

N/A

SQLi - Probing - header

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

fc9d800b7a724181af8d5650aab28ea1

N/A

SQLi - Probing - body

Disabled

Disabled

This is a new detection. This rule is merged into the original rule "SQLi - Probing" (ID: 2c20b5e8684043f48620ff77b4026c88 )

Cloudflare Managed Ruleset

945c5aa9f45141dd872d7ec920999be0

N/A

SQLi - Probing 2

Disabled

Disabled

This rule had duplicate detection logic and has been deprecated.

Cloudflare Managed Ruleset

f1771273700342758e73cf16d7aa0008

N/A

SQLi - UNION in MSSQL - Body

Disabled

Disabled

This rule has been renamed to differentiate from "SQLi - UNION in MSSQL" (ID: ef7db598c7654c729d9db56fee5e35fd ) and contains updated rule logic.

Cloudflare Managed Ruleset

3ffd242b4ba242ca965022d3a67d8561

N/A

SQLi - UNION - 3

Disabled

Disabled

This rule had duplicate detection logic and has been deprecated.

Cloudflare Managed Ruleset

5e69d599ad634c81abe36a5f0af34bba

N/A

XSS, HTML Injection - Embed Tag - URI

Disabled

Disabled

This is a new detection.

Cloudflare Managed Ruleset

2635275641bf44d4bad6a2e170282f38

N/A

XSS, HTML Injection - Embed Tag - Headers

Log

Block

This is a new detection.

Cloudflare Managed Ruleset

b3d033ea9f364574b0a2ec4223f4d718

N/A

XSS, HTML Injection - IFrame Tag - Src and Srcdoc Attributes - Headers

Log

Disabled

This is a new detection.

Cloudflare Managed Ruleset

76c37816ef5c4997ab2080a36978def1

N/A

XSS, HTML Injection - Link Tag - Headers

Log

Disabled

This is a new detection.

Cloudflare Managed Ruleset

7d6757e8a28f4853a72b4ce6ebd81645

N/A

XSS, HTML Injection - Link Tag - URI

Disabled

Disabled

This is a new detection.

Fetched June 19, 2026