{"id":187,"date":"2026-01-26T00:00:00","date_gmt":"2026-01-26T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/01\/26\/waf-waf-release-2026-01-26\/"},"modified":"2026-01-26T00:00:00","modified_gmt":"2026-01-26T00:00:00","slug":"waf-waf-release-2026-01-26","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/01\/26\/waf-waf-release-2026-01-26\/","title":{"rendered":"WAF &#8211; WAF Release &#8211; 2026-01-26"},"content":{"rendered":"<p>This week\u2019s release introduces new detections for denial-of-service attempts targeting React CVE-2026-23864 (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-23864\" target=\"_blank\">https:\/\/www.cve.org\/CVERecord?id=CVE-2026-23864<\/a>).<\/p>\n<p><strong>Key Findings<\/strong><\/p>\n<ul>\n<li>CVE-2026-23864 (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-23864\" target=\"_blank\">https:\/\/www.cve.org\/CVERecord?id=CVE-2026-23864<\/a>) affects <code>react-server-dom-parcel<\/code>, <code>react-server-dom-turbopack<\/code>, and <code>react-server-dom-webpack<\/code> packages.<\/li>\n<li>Attackers can send crafted HTTP requests to Server Function endpoints, causing server crashes, out-of-memory exceptions, or excessive CPU usage.<\/li>\n<\/ul>\n<table>\n<thead>\n<tr>\n<th>Ruleset<\/th>\n<th>Rule ID<\/th>\n<th>Legacy Rule ID<\/th>\n<th>Description<\/th>\n<th>Previous Action<\/th>\n<th>New Action<\/th>\n<th>Comments<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>aaede80b4d414dc89c443cea61680354  <\/td>\n<td>N\/A<\/td>\n<td>React Server &#8211; DOS &#8211; CVE:CVE-2026-23864 &#8211; 1<\/td>\n<td>N\/A<\/td>\n<td>Block<\/td>\n<td>This is a new detection.<\/td>\n<\/tr>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>3e93c9faaafa447c83a525f2dcdffcf8  <\/td>\n<td>N\/A<\/td>\n<td>React Server &#8211; DOS &#8211; CVE:CVE-2026-23864 &#8211; 2<\/td>\n<td>N\/A<\/td>\n<td>Block<\/td>\n<td>This is a new detection.<\/td>\n<\/tr>\n<tr>\n<td>Cloudflare Managed Ruleset<\/td>\n<td>930020d567684f19b05fb35b349edbc6  <\/td>\n<td>N\/A<\/td>\n<td>React Server &#8211; DOS &#8211; CVE:CVE-2026-23864 &#8211; 3<\/td>\n<td>N\/A<\/td>\n<td>Block<\/td>\n<td>This is a new detection.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>","protected":false},"excerpt":{"rendered":"<p>This week\u2019s release introduces new detections for denial-of-service attempts targeting React CVE-2026-23864 (https:\/\/www.cve.org\/CVERecord?id=CVE-2026-23864). Key Findings CVE-2026-23864 (https:\/\/www.cve.org\/CVERecord?id=CVE-2026-23864) affects react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack packages. Attackers can send crafted HTTP requests to Server Function endpoints, causing server crashes, out-of-memory exceptions, or excessive CPU usage. Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-187","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=187"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/187\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}