alert http any any -> $HOME_NET any (msg:"ET EXPLOIT RSI Queue Unauthenticated Blind SQL Injection (CVE-2025-26086)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"taskid|3d|"; nocase; fast_pattern; pcre:"/^[^\x26]*?(?:(?:[pP][gG]_)?[sS][lL][eE][eE][pP]\x28|[dD][eE][lL][aA][yY]\x20|[bB][eE][nN][cC][hH][mM][aA][rR][kK]\x28)/R"; reference:url,seclists.org/fulldisclosure/2025/May/21; reference:cve,2025-26086; classtype:web-application-activity; sid:2062512; rev:1; metadata:attack_target Server, created_at 2025_05_22, cve CVE_2025_26086, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_05_22, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)