New WAF Detections Released
Cloudflare's Web Application Firewall (WAF) now includes protection against two significant vulnerabilities discovered in February 2026.
CVE-2025-64459: Django SQL Injection
Django versions prior to 5.1.14, 5.2.8, and 4.2.26 contain a SQL injection vulnerability. The flaw lies in the QuerySet methods and the Q() class: when a crafted dictionary is passed to them, an attacker can cause arbitrary SQL to be executed. The new detection rule automatically blocks requests attempting to exploit this vulnerability.
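The application-side mitigation that complements the WAF rule is to never expand a client-supplied dictionary straight into QuerySet.filter(), exclude(), get() or Q(). The following is an added example, not Django's code or anything from the Cloudflare release: a strict allowlist validator in plain Python (so it runs without Django) for a hypothetical model with the fields title, status and created.

```python
# Added example: validate a client-supplied filter dictionary before it is
# expanded into Django's QuerySet.filter(**kwargs) / Q(**kwargs).
# Pure Python, no Django import needed; ALLOWED_LOOKUPS describes a
# hypothetical model and is an assumption of this example.
from typing import Any, Mapping

# Allowlist: which fields a client may filter on, and which lookups per field.
ALLOWED_LOOKUPS: dict[str, set[str]] = {
    "title": {"exact", "icontains", "istartswith"},
    "status": {"exact", "in"},
    "created": {"exact", "gte", "lte"},
}


class UnsafeFilterError(ValueError):
    """Raised when a client-supplied filter key is not on the allowlist."""


def build_safe_filter(user_filter: Mapping[str, Any]) -> dict[str, Any]:
    """Return a dict that is safe to expand into QuerySet.filter(**kwargs).

    A key is accepted only if it is an allowed field name, or
    '<field>__<lookup>' with a permitted lookup for that field. Anything
    else is rejected, including keys that begin with an underscore, which
    are not field names and must never be forwarded to the ORM.
    """
    safe: dict[str, Any] = {}
    for key, value in user_filter.items():
        if not isinstance(key, str) or not key or key.startswith("_"):
            raise UnsafeFilterError(f"rejected filter key: {key!r}")
        parts = key.split("__")
        if len(parts) == 1:
            field, lookup = parts[0], "exact"
        elif len(parts) == 2 and all(parts):
            field, lookup = parts
        else:
            raise UnsafeFilterError(f"rejected filter key: {key!r}")
        if field not in ALLOWED_LOOKUPS or lookup not in ALLOWED_LOOKUPS[field]:
            raise UnsafeFilterError(f"rejected filter key: {key!r}")
        # Re-assemble the key ourselves so the ORM only ever sees a string
        # this function constructed, never the raw client-supplied key.
        safe[f"{field}__{lookup}"] = value
    return safe


def is_safe_filter(user_filter: Mapping[str, Any]) -> bool:
    """Boolean form of build_safe_filter for callers that just need a check."""
    try:
        build_safe_filter(user_filter)
        return True
    except UnsafeFilterError:
        return False
```

In a view this is used as `Article.objects.filter(**build_safe_filter(request.GET.dict()))` (hypothetical model name), so a request that smuggles an internal keyword argument is refused before it reaches the ORM.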
CVE-2025-24893: XWiki Remote Code Execution
XWiki installations are vulnerable to unauthenticated remote code execution through the SolrSearch endpoint. Because no authentication is required, this critical vulnerability exposes the entire XWiki installation, not only content reachable by logged-in users. The WAF now blocks malicious requests targeting this endpoint by default.
Rule Updates
| Rule | Detection | New Action |
|---|---|---|
| XWiki RCE (CVE-2025-24893) | Remote Code Execution | Block |
| Django SQL Injection (CVE-2025-64459) | SQL Injection via QuerySet | Block |
Additionally, Cloudflare refined the metadata description for the NoSQL/MongoDB SQL injection detection rule while keeping its blocking behavior unchanged.
Action Items: Review your WAF rules to ensure these protections are enabled. If you're running affected Django or XWiki versions, prioritize patching; the WAF rules provide defense in depth in the meantime, not a substitute for the fix.