26-002 (January 13, 2026)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Adobe ColdFusion Central Config Server
1012491 - Adobe ColdFusion Directory Traversal Vulnerabilities (CVE-2025-61812 and CVE-2025-61822)


DCERPC Services - Client
1009058* - Detected Server Message Block (SMB) Outgoing Request


Flowise
1012507 - Flowise Command Injection Vulnerability (CVE-2025-8943)


React Server
1012511 - React Server Denial of Service Vulnerability (CVE-2025-55184)
1012512 - React Server Information Leak Vulnerability (CVE-2025-55183)


Unix Samba
1012409* - Linux Kernel KSMBD Use After Free Vulnerability (CVE-2025-37778)


Veeam Backup and Replication
1012501 - Veeam Backup and Replication Credential Disclosure Vulnerability (CVE-2023-27532)


Web Application Ruby Based
1012492* - Grafana Open Redirect Vulnerability (CVE-2025-6197)


Web Server HTTPS
1012435* - ZendTo Directory Traversal Vulnerability (CVE-2025-34508)


Webmin
1012479 - Webmin Cross-Site Scripting Vulnerability (CVE-2020-8821)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.