OWASP CRS 4.26.0 released

The OWASP Core Rule Set version 4.26.0 has been released, strengthening web application firewalls with new detection signatures for modern attack tools such as WhatWAF and ghauri and broadening checks across all HTTP headers. The update introduces rules to identify Server-Side Template Injection attacks and blocks requests aimed at sensitive system files that are often exposed by misconfigured servers. It also addresses persistent false positives by improving MongoDB operator matching, removing outdated HTTP/0.9 compatibility from request validation, and fixing conflicts with common parameter names. Web administrators should run the updated rules in detection mode first, to verify how they behave against real traffic patterns, before switching to active blocking. Overall, the release aims to strengthen security while minimizing disruption to legitimate traffic.
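The staged rollout recommended above is normally done by running the engine with `SecRuleEngine DetectionOnly`, letting real traffic flow for a while, and then reviewing which rules fired before switching the engine to `On`. The shell helper below is an added example, not part of the announcement or of the CRS project: it tallies rule IDs and messages from ModSecurity-format error-log lines so the hits from a detection-mode soak can be reviewed per rule. The log lines it runs on are constructed for illustration, not captured from a real server.

```shell
#!/bin/sh
# Added example: summarise which CRS rules fired while the engine ran in
# DetectionOnly mode, so hits can be reviewed before switching to blocking.
# Reads ModSecurity-style error-log lines on stdin; lines without an
# [id "..."] tag are ignored. Output: one line per rule, "id count msg",
# sorted by id.
summarize_hits() {
    awk '
        # Only lines carrying a rule id are rule hits.
        match($0, /\[id "[0-9]+"\]/) {
            # RSTART points at "[", the id starts 5 chars later ([id ")
            # and the match ends with "] (2 chars), hence RLENGTH - 7.
            id = substr($0, RSTART + 5, RLENGTH - 7)
            msg = ""
            if (match($0, /\[msg "[^"]*"\]/)) {
                # Same idea: skip [msg " (6 chars) and drop the trailing "].
                msg = substr($0, RSTART + 6, RLENGTH - 8)
            }
            count[id]++
            text[id] = msg
        }
        END {
            for (k in count) print k, count[k], text[k]
        }
    ' | sort
}

# Constructed sample log lines (illustrative, not captured from a real server).
# 942100 is the CRS libinjection SQLi rule; 949110 is the inbound anomaly-score
# summary rule, which fires once per request that crosses the threshold, so it
# is expected alongside any other hit and is not itself a signature to tune.
# The third line is an ordinary httpd notice and must be ignored.
SAMPLE_LOG='[Tue Jan 07 10:00:00.000000 2025] [security2:error] [pid 1234] [client 192.0.2.10:40000] ModSecurity: Warning. detected SQLi using libinjection. [file "REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/search"]
[Tue Jan 07 10:00:00.000000 2025] [security2:error] [pid 1234] [client 192.0.2.10:40000] ModSecurity: Warning. Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "www.example.com"] [uri "/search"]
[Tue Jan 07 10:00:01.000000 2025] [core:notice] [pid 1234] AH00094: Command line: /usr/sbin/apache2
[Tue Jan 07 10:00:02.000000 2025] [security2:error] [pid 1235] [client 192.0.2.11:40001] ModSecurity: Warning. detected SQLi using libinjection. [file "REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/login"]'

# Demo on the constructed sample. Against a real soak you would instead run
# something like:  summarize_hits < /var/log/apache2/error.log
printf '%s\n' "$SAMPLE_LOG" | summarize_hits
```

Rules that fire repeatedly on traffic you know to be legitimate are the candidates for a targeted exclusion before the engine is switched to blocking; the anomaly-score summary rule (949110 in the sample) will always appear next to them and should not be excluded itself.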

OWASP CRS 4.26.0 released @ Linux Compatible