diff --git a/.appsec-tests/vpatch-CVE-2024-28752/CVE-2024-28752.yaml b/.appsec-tests/vpatch-CVE-2024-28752/CVE-2024-28752.yaml
new file mode 100644
index 00000000000..f63f8d9b2c8
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2024-28752/CVE-2024-28752.yaml
@@ -0,0 +1,34 @@
+## autogenerated on 2026-07-01 13:06:32
+id: CVE-2024-28752
+info:
+ name: CVE-2024-28752
+ author: crowdsec
+ severity: info
+ description: CVE-2024-28752 testing
+ tags: appsec-testing
+http:
+ - raw:
+ - |
+ POST /test HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: multipart/related; boundary=----nucleibound
+
+ ------nucleibound
+ Content-Disposition: form-data; name="1"
+
+
+
+
+
+
+
+
+
+
+
+ ------nucleibound--
+ cookie-reuse: true
+ matchers:
+ - type: status
+ status:
+ - 403
diff --git a/.appsec-tests/vpatch-CVE-2024-28752/config.yaml b/.appsec-tests/vpatch-CVE-2024-28752/config.yaml
new file mode 100644
index 00000000000..2cb02df749e
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2024-28752/config.yaml
@@ -0,0 +1,5 @@
+## autogenerated on 2026-07-01 13:06:32
+appsec-rules:
+ - ./appsec-rules/crowdsecurity/base-config.yaml
+ - ./appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml
+nuclei_template: CVE-2024-28752.yaml
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml
new file mode 100644
index 00000000000..ab4b3e44dec
--- /dev/null
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml
@@ -0,0 +1,31 @@
+## autogenerated on 2026-07-01 13:06:32
+name: crowdsecurity/vpatch-CVE-2024-28752
+description: 'Detects SSRF and local file read attempts in Apache CXF via XOP Include in multipart SOAP requests.'
+rules:
+ - and:
+ - zones:
+ - URI
+ transform:
+ - lowercase
+ match:
+ type: contains
+ value: /test
+ - zones:
+ - RAW_BODY
+ transform:
+ - lowercase
+ match:
+ type: contains
+ value: '