
WAF Weekly: F5 Ships AI WAF, Ivanti Sentry Exploited, June 6-12 2026

F5 launches neural-network WAF for behavioral detection. Ivanti Sentry CVSS 10.0 flaw exploited within 24 hours. ShinyHunters breaches 100+ orgs via Oracle PeopleSoft zero-day. Palo Alto patches rogue VPN flaw. Microsoft fixes 200 flaws including 6 zero-days.

WAF Weekly roundup for June 6-12, 2026

F5 Adds AI-Powered WAF and Virtual Patching to WAAP Platform

F5 expanded its web application and API protection (WAAP) capabilities this week with three additions. The headline feature is an AI-powered WAF for Distributed Cloud Services that uses a neural network to score every request in real time instead of relying on signature matching. F5 also shipped an on-premises API Security Local Edition for air-gapped environments, and enhanced virtual patching that combines BIG-IP Advanced WAF with Distributed Cloud Web App Scanning to apply runtime protection while teams fix the underlying code.

F5 says it is actively working to bring the neural-network WAF to BIG-IP, NGINX Plus, and NGINX Open Source for customers running outside the cloud.

WAFplanet take: The move to behavioral scoring over signatures is where the industry is heading. Signatures cannot keep pace with AI-generated attack variants. The real test will be false positive rates at scale. If F5 can keep those low without manual tuning, this becomes a genuine differentiator against Cloudflare and Akamai.

Ivanti Sentry CVSS 10.0 Flaw Actively Exploited Within 24 Hours

Ivanti patched a maximum-severity command injection vulnerability (CVE-2026-10520) in Sentry on Tuesday. By Wednesday, the Shadowserver Foundation reported that attackers had already backdoored most internet-exposed Sentry gateways. The flaw allows root-level code execution on the secure mobile gateway appliance, and a public proof-of-concept accelerated exploitation.

Shadowserver found 19 exposed instances in their own scans, with at least 2 confirmed backdoored, but notes that the real number is likely higher because many Sentry instances block scanning.

WAFplanet take: This is a gateway appliance, not a web app, but the pattern matters. A CVSS 10.0 flaw went from patch to mass exploitation in under 24 hours. Any security infrastructure exposed to the internet is a target. If you run perimeter security appliances, the patch window is now measured in hours, not days.

ShinyHunters Exploits Oracle PeopleSoft Zero-Day, Breaches 100+ Organizations

The ShinyHunters group (tracked by Mandiant as UNC6240) exploited an unpatched Oracle PeopleSoft RCE flaw (CVE-2026-35273, CVSS 9.8) between May 27 and June 9 to steal data from universities and enterprises. Oracle did not publish its advisory until June 10, meaning the bug was a true zero-day for the entire attack window. The flaw requires no authentication and no user interaction, just HTTP access to the Environment Management Hub.

WAFplanet take: This is a textbook case for virtual patching. Organizations running PeopleSoft with internet-facing endpoints had no vendor patch available for two weeks. A properly configured WAF with generic RCE detection rules could have blocked or at least flagged the exploit attempts. The longer takeaway: if you expose enterprise middleware to the internet, a WAF is not optional.

Palo Alto Networks Patches PAN-OS and Cortex Vulnerabilities

Palo Alto Networks released patches for multiple vulnerabilities this week, including CVE-2026-0274, a high-severity credential validation flaw in Cortex XSOAR and XSIAM. A separate PAN-OS vulnerability lets attackers bypass firewall security and establish unauthorized GlobalProtect VPN connections. Eight additional medium and low-severity fixes cover PAN-OS, Prisma Access Agent, and GlobalProtect App.

WAFplanet take: Firewall vendors patching their own firewall software is the kind of irony the industry needs to take seriously. Defense-in-depth means not trusting any single layer, including the firewall itself.

Microsoft June Patch Tuesday: 200 Flaws, 6 Zero-Days

Microsoft's June 2026 Patch Tuesday addressed 200 vulnerabilities, including 33 critical flaws and 6 zero-days (5 publicly disclosed, 1 actively exploited). The critical bugs include 28 remote code execution vulnerabilities. Google also fixed 360 Chromium flaws this month. Splunk separately patched CVE-2026-20253 (CVSS 9.8), a critical unauthenticated file creation flaw in Splunk Enterprise via an exposed PostgreSQL sidecar endpoint.

WAFplanet take: Patch Tuesday remains the largest single-day vulnerability dump in the industry. For WAF operators, the immediate concern is the web-facing subset: RCE bugs in services that handle HTTP. The Splunk Enterprise flaw is particularly concerning because it is unauthenticated and network-reachable. If your SIEM dashboard is internet-exposed, patch now.

Nokia Launches Deepfield Genome Shield for Proactive DDoS Protection

Nokia introduced Deepfield Genome Shield, a security automation platform for telecom providers, hosting companies, and cloud builders. The system shifts from reactive scrubber-based DDoS mitigation to proactive enforcement using existing network infrastructure. Nokia cites residential proxy botnets comprising 200 million compromised devices capable of generating 250-600 Tbps attacks with rapid IP rotation.

WAFplanet take: This is infrastructure-layer protection, not application-layer, but the trend it addresses hits WAF users directly. Multi-terabit DDoS bursts lasting seconds bypass traditional scrubbing. If your upstream provider cannot absorb these micro-bursts, your WAF never gets the chance to inspect traffic. Nokia's approach of pushing enforcement to the network edge is the right architectural direction.

Also Notable

  • Langflow RCE (CVE-2026-5027): Path traversal in the AI development platform enables unauthenticated code execution. Approximately 7,000 instances exposed online. Another reminder that AI tooling infrastructure is a growing attack surface.
  • Comcast Business SecurityEdge Preferred: Nationwide launch of managed security for SMBs. Network-level threat blocking, not a WAF, but it reflects growing demand for security-as-default at the ISP level.

The Week's Bigger Picture

This was a week defined by speed. Ivanti Sentry went from patch to mass exploitation in a day. ShinyHunters ran a zero-day campaign for two weeks before the vendor even acknowledged it. F5 responded by betting on neural networks over signatures. The message is consistent: static defenses cannot keep up. Whether you run a WAF, a firewall, or a mobile gateway, the attack window is compressing and the only response is automation, behavioral detection, and aggressive patching. If your security stack still depends on humans reading advisories before acting, this week showed why that model is broken.