Rule testing allows you to monitor the real-time behavior of newly added or updated rule(s). For more information on rule testing, see Rule Testing for New or Updated Rule(s).
The following section highlights the threat types and rules that Traceable has added, updated, or removed, along with their severity:
2nd February 2026
This update expands attack coverage, improves detection accuracy, and reduces false positives. The following are some enhancements:
Introduces new WAF detection rules to target PHP vulnerabilities and expand coverage for previously unprotected attack vectors.
Enhances coverage to detect and block attacks by refining existing rules with stricter and more accurate signatures.
Improves detection of evasive attacks by enhancing signature logic and accuracy to identify attempts to bypass standard protections.
Refines sensitive rules aggressively, giving you control over enabling rules that are more likely to result in false positives.
Added Threat Rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
NGINX Configuration Code Execution ( | Remote Code Execution | No | High |
PHP CGI Argument Injection ( | PHP Attacks | No | High |
PHP Injection Attack: Variable Function Call Found (210) | PHP Attacks | Yes | High |
PHP Injection Attack: High-Risk PHP Function Call | PHP Attacks | No | High |
Updated Threat Rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
DB code execution and information gathering attempts | SQL Injection | No | High |
HTTP Request Smuggling Attack (Content-Length/Transfer-Encoding Confusion) | HTTP Protocol Attacks | No | High |
Java Spring Core: RCE ( | Java Application Attacks | No | Critical |
NoScript XSS InjectionChecker: Attribute Injection ( | Cross-Site Scripting (XSS) | No | High |
Request argument associated with security scanner | Scanner Detection | No | Low |
User-Agent associated with a security scanner | Scanner Detection | No | Medium |
XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | No | High |
Added Threat Types
Threat Type | Threat Rule |
|---|---|
PHP Attacks | |
5th December 2025
This update enhances overall protection capabilities. The following are some enhancements:
Introduces new WAF detection rules for React and Next.js Server Functions targeting (CVE-2025-55182).
Enhances coverage to detect and block malicious deserialization attempts within server function execution paths.
Added Threat Rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
React and Next.js Server Functions Deserialization RCE ( | Remote Code Execution | No | High |
ReactJS Server Functions Deserialization RCE ( | Remote Code Execution | No | High |
13th October 2025
This update enhances overall detection accuracy and protection capabilities. The following are some enhancements:
Protects against evasion-based attacks.
Safeguards your systems from known CVEs and code injection threats.
Reduces false positives with improvements from Traceable’s in-house regex assembler.
Added Threat Rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
Authorization Bypass in Next.js Middleware: ( | Basic Authentication Violation | No | High |
Concatenated basic SQL injection and SQLLFI attempts ( | SQL Injection | No | High |
Concatenated basic SQL injection and SQLLFI attempts (360) | SQL Injection | Yes | Medium |
Remote Command Execution: Unix Command Injection ( | Remote Code Execution | No | High |
Remote Command Execution: Unix Command Injection ( | Remote Code Execution | No | High |
Authorization Bypass in Next.js Middleware: ( | Basic Authentication Violation | No | High |
Updated Threat Rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
JSFuck / Hieroglyphy Obfuscation | Cross-Site Scripting (XSS) | No | Low |
Mail Injection: Protocol Manipulation | HTTP Protocol Attacks | No | High |
Remote Command Execution: Windows PowerShell Command | Remote Code Execution | Yes | High |
Path Traversal Attack (/../) | Local File Inclusion | No | Medium |
MySQL and PostgreSQL Stored Procedure/Function Injections | SQL Injection | Yes | Medium |
DB Code Execution and Information Gathering Attempts | SQL Injection | No | High |
Suspicious Java Class | Java Application Attacks | No | High |
SQL Code Execution and Information Gathering Attempts | SQL Injection | Yes | Medium |
Restricted File Access Attempt | Local File Inclusion | Yes | Medium |
Request Header Associated with Security Scanner | Scanner Detection | No | Medium |
Conditional SQL Injection Attempts | SQL Injection | Yes | Medium |
Request Filename/Argument Associated with Security Scanner | Scanner Detection | No | Low |
OS File Access Attempt | Local File Inclusion | Yes | Medium |
XML External Entity Injection: Local/Remote Includes | XML External Entity Injection (XXE) | No | High |
NoScript XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | Yes | Medium |
LDAP Injection Attack | HTTP Protocol Attacks | No | High |
XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | No | High |
Remote Command Execution: Unix Shell Code | Remote Code Execution | No | High |
GraphQL Introspection Query Detected | GraphQL Attacks | No | Medium |
Java Spring Core: RCE (CVE-2022-22965) | Java Application Attacks | No | Critical |
Server-Side Template Injection (SSTI) Attempt | Remote Code Execution | No | High |
Remote Command Execution: Windows Command Injection | Remote Code Execution | Yes | Medium |
NoScript XSS InjectionChecker: Attribute Injection | Cross-Site Scripting (XSS) | Yes | Medium |
SQL Injection Attack: Common DB Names | SQL Injection | Yes | Low |
Added Threat Types
Threat Type | Threat Rule |
|---|---|
Basic Authentication Violation | Authorization Bypass in Next.js Middleware: (CVE-2025-29927) |