New WAF Detection Rule
Cloudflare is releasing a new Web Application Firewall (WAF) detection rule to protect against code injection attacks targeting Ivanti EPMM (Enterprise Patch Management Module).
CVEs Covered
The new rule addresses two critical vulnerabilities:
- CVE-2026-1281
- CVE-2026-1340
Rollout Details
- Release Date: March 9, 2026
- Initial Behavior: Log-only mode (non-blocking)
- Rule ID: ...796ea2f6
What You Need to Know
This is a new detection rule, meaning it was not previously available in the WAF ruleset. The rule will initially operate in log-only mode, allowing you to observe and validate the detection behavior before it begins actively blocking requests. You can review logs to understand the impact on your traffic and adjust settings as needed before considering blocking mode.
If you have Ivanti EPMM systems in your infrastructure, monitor the WAF logs starting March 9 to understand how this rule affects your traffic patterns.