From 70313ca6a74c992e475449af05ce9831d42511e4 Mon Sep 17 00:00:00 2001
From: ay-cf
Date: Mon, 2 Mar 2026 15:26:00 +0800
Subject: [PATCH 1/3] Update waf change log March 3rd
---
 .../changelog/waf/2026-03-02-waf-release.mdx | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 src/content/changelog/waf/2026-03-02-waf-release.mdx
diff --git a/src/content/changelog/waf/2026-03-02-waf-release.mdx b/src/content/changelog/waf/2026-03-02-waf-release.mdx
new file mode 100644
index 000000000000000..a4d7eba65465d50
--- /dev/null
+++ b/src/content/changelog/waf/2026-03-02-waf-release.mdx
@@ -0,0 +1,68 @@
+---
+title: "WAF Release - 2026-03-02"
+description: Cloudflare WAF managed rulesets 2026-03-02 release
+date: 2026-03-02
+---
+
+import { RuleID } from "~/components";
+
+This week's release introduces new detections for vulnerabilities in SmarterTools SmarterMail (CVE-2025-52691 and CVE-2026-23760), alongside improvements to an existing Command Injection (nslookup) detection to enhance coverage.
+
+
+**Key Findings**
+
+- CVE-2025-52691: SmarterTools SmarterMail mailserver is vulnerable to Arbitrary File Upload, allowing an unauthenticated attacker to upload files to any location on the mail server, potentially enabling remote code execution.
+- CVE-2026-23760: SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API permitting unaunthenticated to reset system administrator accounts failing to verify existing password or reset token.
+
+**Impact**
+Successful exploitation of these SmarterMail vulnerabilities could lead to full system compromise or unauthorized administrative access to mail servers. Administrators are strongly encouraged to apply vendor patches without delay.
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset + + N/ASmarterMail - Arbitrary File Upload - CVE-2025-52691LogBlockThis is a new detection.
Cloudflare Managed Ruleset + + N/ASmarterMail - Authentication Bypass - CVE-2026-23760LogBlockThis is a new detection.
Cloudflare Managed Ruleset + + N/ACommand Injection - Nslookup - BetaLogBlockThis rule is merged into the original rule "Command Injection - Nslookup" (ID: )
From c7a8dcdc6ac43869cc4f89fd893a36505b1b5030 Mon Sep 17 00:00:00 2001
From: ay-cf
Date: Mon, 2 Mar 2026 15:28:12 +0800
Subject: [PATCH 2/3] Update scheduled-waf-release.mdx
---
 .../changelog/waf/scheduled-waf-release.mdx | 34 ++++---------------
 1 file changed, 6 insertions(+), 28 deletions(-)
diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx
index 585dd35cf2e059b..2b2c80494548cec 100644
--- a/src/content/changelog/waf/scheduled-waf-release.mdx
+++ b/src/content/changelog/waf/scheduled-waf-release.mdx
@@ -1,7 +1,7 @@
 ---
-title: WAF Release - Scheduled changes for 2026-03-02
-description: WAF managed ruleset changes scheduled for 2026-03-02
-date: 2026-02-25
+title: WAF Release - Scheduled changes for 2026-03-09
+description: WAF managed ruleset changes scheduled for 2026-03-09
+date: 2026-03-02
 scheduled: true
 ---
@@ -21,37 +21,15 @@ import { RuleID } from "~/components"; - 2026-02-25 2026-03-02 + 2026-03-09 Log N/A - + - SmarterMail - Arbitrary File Upload - CVE-2025-52691 + Ivanti EPMM - Code Injection - CVE:CVE-2026-1281 CVE:CVE-2026-1340 This is a new detection. - - 2026-02-25 - 2026-03-02 - Log - N/A - - - - SmarterMail - Authentication Bypass - CVE-2026-23760 - This is a new detection. - - 2026-02-25 - 2026-03-02 - Log - N/A - - - - Command Injection - Nslookup - Beta - This rule will be merged into the original rule "Command Injection - Nslookup" (ID: ) -
From 1859f4f201adef7b18facb43082c22325f308638 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Mon, 2 Mar 2026 09:38:55 +0000
Subject: [PATCH 3/3] Apply suggestions from PCX review
---
 src/content/changelog/waf/2026-03-02-waf-release.mdx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/content/changelog/waf/2026-03-02-waf-release.mdx b/src/content/changelog/waf/2026-03-02-waf-release.mdx
index a4d7eba65465d50..5e417a5421f9c40 100644
--- a/src/content/changelog/waf/2026-03-02-waf-release.mdx
+++ b/src/content/changelog/waf/2026-03-02-waf-release.mdx
@@ -11,10 +11,11 @@ This week's release introduces new detections for vulnerabilities in SmarterTool
 **Key Findings**
-- CVE-2025-52691: SmarterTools SmarterMail mailserver is vulnerable to Arbitrary File Upload, allowing an unauthenticated attacker to upload files to any location on the mail server, potentially enabling remote code execution.
+- CVE-2025-52691: SmarterTools SmarterMail mail server is vulnerable to Arbitrary File Upload, allowing an unauthenticated attacker to upload files to any location on the mail server, potentially enabling remote code execution.
 - CVE-2026-23760: SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API permitting unaunthenticated to reset system administrator accounts failing to verify existing password or reset token.
 **Impact**
+
 Successful exploitation of these SmarterMail vulnerabilities could lead to full system compromise or unauthorized administrative access to mail servers. Administrators are strongly encouraged to apply vendor patches without delay.
@@ -61,7 +62,7 @@ Successful exploitation of these SmarterMail vulnerabilities could lead to full - +
Command Injection - Nslookup - Beta Log BlockThis rule is merged into the original rule "Command Injection - Nslookup" (ID: )This rule is merged into the original rule "Command Injection - Nslookup" (ID: )