<h1>WAF &#8211; WAF Release &#8211; 2026-03-30</h1>
<p>Published 2026-03-30. Source: <a href="https://wordpress.securinsight.ca/index.php/2026/03/30/waf-waf-release-2026-03-30/">https://wordpress.securinsight.ca/index.php/2026/03/30/waf-waf-release-2026-03-30/</a></p>
<p>This week&#8217;s release introduces a new detection for a critical authentication bypass vulnerability in Fortinet products (CVE-2025-59718), alongside three new generic rules that detect HTTP Parameter Pollution attempts. Note that the three Parameter Pollution rules are added with their action set to Disabled (see the table below), so they neither log nor block until you enable them. This release also includes targeted protection, deployed in Block mode, for a high-impact unrestricted file upload vulnerability in Magento and Adobe Commerce.</p>
<p><strong>Key Findings</strong></p>
<ul>
<li>
<p>CVE-2025-59718: An improper cryptographic signature verification vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager. This may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication using a maliciously crafted SAML message, if that feature is enabled on the device.</p>
</li>
<li>
<p>Magento 2 &#8211; Unrestricted File Upload: A critical flaw in Magento and Adobe Commerce allows unauthenticated attackers to bypass security checks and upload malicious files to the server, potentially leading to Remote Code Execution (RCE).</p>
</li>
</ul>
<p><strong>Impact</strong></p>
<p>Successful exploitation of the Fortinet vulnerability could give an unauthenticated attacker administrative control of the device; successful exploitation of the Magento vulnerability could let an unauthenticated attacker deploy a webshell. Either outcome can lead to complete server compromise and data theft.</p>
<table>
<thead>
<tr>
<th>Ruleset</th>
<th>Rule ID</th>
<th>Legacy Rule ID</th>
<th>Description</th>
<th>Previous Action</th>
<th>New Action</th>
<th>Comments</th>
</tr>
</thead>
<tbody>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>4f7d513cea424c2a853881982f7f95e9</td>
<td>N/A</td>
<td>Generic Rules &#8211; Parameter Pollution &#8211; Body</td>
<td>Log</td>
<td>Disabled</td>
<td>This is a new detection.</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>60d023f3be414d379428add3319731a4</td>
<td>N/A</td>
<td>Generic Rules &#8211; Parameter Pollution &#8211; Header &#8211; Form</td>
<td>Log</td>
<td>Disabled</td>
<td>This is a new detection.</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>2dde02d792ad41ec8fd65c2bdef262dd</td>
<td>N/A</td>
<td>Generic Rules &#8211; Parameter Pollution &#8211; URI</td>
<td>Log</td>
<td>Disabled</td>
<td>This is a new detection.</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>ab8a96ed13034d56a81a79e570a36147</td>
<td>N/A</td>
<td>Magento 2 &#8211; Unrestricted file upload</td>
<td>Log</td>
<td>Block</td>
<td>This is a new detection.</td>
</tr>
<tr>
<td>Cloudflare Managed Ruleset</td>
<td>0a13a38dd81c44688950444e2ffcca9f</td>
<td>N/A</td>
<td>Fortinet FortiCloud SSO &#8211; Authentication Bypass &#8211; CVE:CVE-2025-59718</td>
<td>Log</td>
<td>Block</td>
<td>This is a new detection.</td>
</tr>
</tbody>
</table>
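<p>The three Generic Rules &#8211; Parameter Pollution entries in the table flag requests that repeat a parameter name, so that a front-end component and the application may disagree on which value applies. The Python below is added here as an illustration; it is not Cloudflare&#8217;s rule logic, which the release does not publish. It checks the URI query string and form-encoded bodies for repeated names (percent-decoding names first, so an encoded repeat does not slip past), and shows the first/last/all resolution policies whose disagreement the technique exploits. The scopes, the constructed sample requests and every function name are this example&#8217;s own assumptions; in particular it reads the Header &#8211; Form rule as covering form bodies identified by the Content-Type header.</p>

```python
"""HTTP Parameter Pollution (HPP) detector: flags requests that repeat a parameter name
in the URI query string or in a form-encoded body, and shows why that matters by
resolving the duplicates under the different policies real backends use.

Added example; not the Cloudflare Managed Ruleset logic, which the release does not publish.
"""
from urllib.parse import parse_qsl, urlsplit

FORM_CONTENT_TYPE = "application/x-www-form-urlencoded"


def parse_pairs(raw: str) -> list[tuple[str, str]]:
    """Split a query string or form body into ordered (name, value) pairs.

    Names and values are percent-decoded first, so an obfuscated repeat such as
    'id=1&%69d=2' collapses to two 'id' parameters instead of evading the check.
    keep_blank_values keeps 'a=&a=1', which is still a duplicate.
    """
    return parse_qsl(raw, keep_blank_values=True)


def find_duplicates(pairs: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Return {name: [values...]} for every name that appears more than once."""
    seen: dict[str, list[str]] = {}
    for name, value in pairs:
        seen.setdefault(name, []).append(value)
    return {name: values for name, values in seen.items() if len(values) > 1}


def analyze_request(target: str, headers: dict[str, str], body: str = "") -> dict[str, dict[str, list[str]]]:
    """Check one request for HPP in the URI and, when the Content-Type header says the
    body is form-encoded, in the body. JSON and multipart bodies are not parsed here
    (assumption of this example; a production rule would need its own parsers for them)."""
    content_type = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    media_type = content_type.split(";", 1)[0].strip().lower()
    findings = {"uri": find_duplicates(parse_pairs(urlsplit(target).query)), "body": {}}
    if media_type == FORM_CONTENT_TYPE and body:
        findings["body"] = find_duplicates(parse_pairs(body))
    return findings


def resolve(pairs: list[tuple[str, str]], policy: str) -> dict:
    """Collapse repeated names the way different backends do: 'first' keeps the first
    occurrence, 'last' keeps the last, 'all' keeps every value. A front-end (WAF, proxy,
    validator) that uses one policy while the application uses another is what HPP exploits."""
    out: dict = {}
    for name, value in pairs:
        if policy == "first":
            out.setdefault(name, value)
        elif policy == "last":
            out[name] = value
        elif policy == "all":
            out.setdefault(name, []).append(value)
        else:
            raise ValueError(f"unknown policy {policy!r}")
    return out


# Constructed sample traffic for this example (not captured from any real system).
SAMPLE_REQUESTS = [
    ("GET", "/account?id=1&id=2", {}, ""),
    ("GET", "/search?q=shoes&%71=boots", {}, ""),  # percent-encoded repeat of 'q'
    ("POST", "/profile", {"Content-Type": FORM_CONTENT_TYPE}, "name=bob&role=user&role=admin"),
    ("POST", "/api/profile", {"Content-Type": "application/json"}, '{"role":"user","role":"admin"}'),
    ("GET", "/healthz?verbose=1", {}, ""),
]


def report(requests=SAMPLE_REQUESTS) -> list[tuple[str, str, dict]]:
    """Run the detector over the samples; returns only the requests with findings."""
    hits = []
    for method, target, headers, body in requests:
        findings = analyze_request(target, headers, body)
        if findings["uri"] or findings["body"]:
            hits.append((method, target, findings))
    return hits


if __name__ == "__main__":
    for method, target, findings in report():
        print(f"HPP {method} {target}: {findings}")
    pairs = parse_pairs("id=1&id=2")
    for policy in ("first", "last", "all"):
        print(f"{policy:>5}: {resolve(pairs, policy)}")
```

<p>Two caveats a practitioner would want before turning a check like this into a blocking rule. Names are compared case-sensitively after decoding, so a backend that treats parameter names case-insensitively would also see <code>Id</code> and <code>id</code> as one parameter and a stricter deployment should casefold. And legitimate applications repeat names on purpose (checkbox groups, <code>tag=a&amp;tag=b</code>), so a generic duplicate-name rule produces false positives until it is tuned per application, which is a reasonable explanation for shipping such rules in a non-blocking state and enabling them deliberately.</p>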