Skip to content

Changelog

New updates and improvements at Cloudflare.

hero image

WAF Release - 2026-07-01

This release adds targeted coverage for a path traversal flaw in Fortinet FortiSandbox (CVE-2026-39813) and transitions the Anomaly:Header:User-Agent - Fake Bing or MSN Bot rule action from Block to Disabled.

Key Findings

  • CVE-2026-39813: A path traversal vulnerability in Fortinet FortiSandbox allows remote, unauthenticated attackers to read arbitrary files from the underlying filesystem due to insufficient validation of user-supplied input paths.
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset N/AFortinet FortiSandbox - Path Traversal - CVE:CVE-2026-39813LogBlock

This is a new detection.

Cloudflare Managed Ruleset N/AAnomaly:Header:User-Agent - Fake Bing or MSN BotEnabledDisabled

We are changing the action for this rule from BLOCK to Disabled