Rule testing allows you to monitor the real-time behavior of newly added or updated rule(s). For more information on rule testing, see Rule Testing for New or Updated Rule(s).
The following section highlights the threat types and rules that Traceable has added, updated, or removed, along with their severity:
29th April 2026
This update enhances overall detection accuracy, expands attack coverage, and strengthens protection through refined rule logic and improved signature enforcement. The following are some enhancements:
Improves detection precision and expands attack coverage by refining how request data is analyzed and decoded.
Strengthens protection through updated signatures across key attack vectors, such as LDAP Injection, SSTI, PHP Injection, XSS, SQL Injection, File Access, and obfuscation techniques.
Enforces stricter SQL Injection rules in block mode to improve defense against high-confidence threats.
Improves overall consistency and reliability across detection categories with refined rule logic.
Updated threat rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
LDAP Injection Attack | HTTP Protocol Attacks | No | High |
PHP Injection Attack: High-Risk PHP Function Call | PHP Attacks | No | High |
Server Side Template Injection (SSTI) Attempt | Remote Code Execution | No | High |
OS File Access Attempt (120) | Local File Inclusion | Yes | Medium |
Blind SQLI Tests using sleep or benchmark | SQL Injection | No | Medium |
Concatenated SQL Injection and SQLLFI Attempts ( | SQL Injection | No | High |
XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | No | High |
NoScript XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | Yes | Medium |
JSFuck / Hieroglyphy Obfuscation | Cross-Site Scripting (XSS) | No | Low |
2nd February 2026
This update expands attack coverage, improves detection accuracy, and reduces inaccuracies. The following are some enhancements:
Introduces new WAF detection rules to target PHP vulnerabilities and expand coverage for previously unprotected attack vectors.
Enhances coverage by refining existing rules with stricter, more accurate signatures to detect and block attacks.
Improves detection of evasive attacks by enhancing signature logic and accuracy to identify attempts to bypass standard protections.
Refines sensitive rules as aggressive, giving control over enabling rules that are more likely to result in false positives.
Added threat rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
NGINX Configuration Code Execution ( | Remote Code Execution | No | High |
PHP CGI Argument Injection ( | PHP Attacks | No | High |
PHP Injection Attack: Variable Function Call Found (210) | PHP Attacks | Yes | High |
PHP Injection Attack: High-Risk PHP Function Call | PHP Attacks | No | High |
Updated threat rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
DB code execution and information gathering attempts | SQL Injection | No | High |
HTTP Request Smuggling Attack (Content-Length/Transfer-Encoding Confusion) | HTTP Protocol Attacks | No | High |
Java Spring Core: RCE ( | Java Application Attacks | No | Critical |
NoScript XSS InjectionChecker: Attribute Injection ( | Cross-Site Scripting (XSS) | No | High |
Request argument associated with security scanner | Scanner Detection | No | Low |
User-Agent associated with a security scanner | Scanner Detection | No | Medium |
XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | No | High |
Added threat types
Threat Type | Threat Rule |
|---|---|
PHP Attacks | |
5th December 2025
This update enhances overall protection capabilities. The following are some enhancements:
Introduces new WAF detection rules targeting React and Next.js Server Functions (CVE-2025-55182).
Enhances coverage to detect and block malicious deserialization attempts within server function execution paths.
Added threat rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
React and Next.js Server Functions Deserialization RCE ( | Remote Code Execution | No | High |
ReactJS Server Functions Deserialization RCE ( | Remote Code Execution | No | High |
13th October 2025
This update enhances overall detection accuracy and protection capabilities. The following are some enhancements:
Protects against evasion-based attacks.
Safeguards your systems from known CVEs and code injection threats.
Reduces false positives with improvements from Traceable’s in-house regex assembler.
Added threat rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
Authorization Bypass in Next.js Middleware: ( | Basic Authentication Violation | No | High |
Concatenated basic SQL injection and SQLLFI attempts ( | SQL Injection | No | High |
Concatenated basic SQL injection and SQLLFI attempts (360) | SQL Injection | Yes | Medium |
Remote Command Execution: Unix Command Injection ( | Remote Code Execution | No | High |
Remote Command Execution: Unix Command Injection ( | Remote Code Execution | No | High |
Authorization Bypass in Next.js Middleware: ( | Basic Authentication Violation | No | High |
Updated threat rules
Threat Rule | Threat Type | Is Aggressive | Severity |
|---|---|---|---|
JSFuck / Hieroglyphy Obfuscation | Cross-Site Scripting (XSS) | No | Low |
Mail Injection: Protocol Manipulation | HTTP Protocol Attacks | No | High |
Remote Command Execution: Windows PowerShell Command | Remote Code Execution | Yes | High |
Path Traversal Attack (/../) | Local File Inclusion | No | Medium |
MySQL and PostgreSQL Stored Procedure/Function Injections | SQL Injection | Yes | Medium |
DB Code Execution and Information Gathering Attempts | SQL Injection | No | High |
Suspicious Java Class | Java Application Attacks | No | High |
SQL Code Execution and Information Gathering Attempts | SQL Injection | Yes | Medium |
Restricted File Access Attempt | Local File Inclusion | Yes | Medium |
Request Header Associated with Security Scanner | Scanner Detection | No | Medium |
Conditional SQL Injection Attempts | SQL Injection | Yes | Medium |
Request Filename/Argument Associated with Security Scanner | Scanner Detection | No | Low |
OS File Access Attempt | Local File Inclusion | Yes | Medium |
XML External Entity Injection: Local/Remote Includes | XML External Entity Injection (XXE) | No | High |
NoScript XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | Yes | Medium |
LDAP Injection Attack | HTTP Protocol Attacks | No | High |
XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | No | High |
Remote Command Execution: Unix Shell Code | Remote Code Execution | No | High |
GraphQL Introspection Query Detected | GraphQL Attacks | No | Medium |
Java Spring Core: RCE (CVE-2022-22965) | Java Application Attacks | No | Critical |
Server-Side Template Injection (SSTI) Attempt | Remote Code Execution | No | High |
Remote Command Execution: Windows Command Injection | Remote Code Execution | Yes | Medium |
NoScript XSS InjectionChecker: Attribute Injection | Cross-Site Scripting (XSS) | Yes | Medium |
SQL Injection Attack: Common DB Names | SQL Injection | Yes | Low |
Added threat types
Threat Type | Threat Rule |
|---|---|
Basic Authentication Violation | Authorization Bypass in Next.js Middleware: ( |