26-007 (February 17, 2026)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Configuration Manager
1012519 - Microsoft Configuration Manager Elevation of Privilege Vulnerability (CVE-2025-55320) - 1


Redis Server
1012520 - Redis Remote Code Execution Vulnerability (CVE-2025-49844)


Web Application PHP Based
1012530 - WordPress 'Service Finder Bookings' Plugin Privilege Escalation Vulnerability (CVE-2025-23970)


Web Server Adobe ColdFusion
1012404* - Adobe ColdFusion Stored Cross-Site Scripting Vulnerability (CVE-2025-49540)


Web Server HTTPS
1012521* - HPE OneView Remote Code Execution Vulnerability (CVE-2025-37164)
1012527 - WordPress 'GreenShift - Animation and Page Builder Blocks' Plugin Arbitrary File Upload Vulnerability (CVE-2025-3616)


Webmin
1012479* - Webmin Cross-Site Scripting Vulnerability (CVE-2020-8821)


Zoho ManageEngine AssetExplorer_SupportCenter Plus_ADManager Plus
1012517* - Zoho ManageEngine Analytics Plus SQL Injection Vulnerability (CVE-2025-9428)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.