Add vpatch-CVE-2026-2699 rule and test #45

Open
crowdsec-automation wants to merge 4 commits into master from 1781262621-vpatch-CVE-2026-2699

@crowdsec-automation

This rule detects unauthenticated access attempts to the sensitive /ConfigService/Admin.aspx endpoint in Progress ShareFile Storage Zones Controller. The nuclei template demonstrates that an attacker can directly access this configuration page without authentication, which is the core of the authentication bypass vulnerability (CVE-2026-2699).

  • The rule matches any HTTP request where the URI contains /configservice/admin.aspx, using a case-insensitive (lowercase) transformation to ensure normalization.
  • No additional argument or header checks are needed, as the exploit is based solely on direct access to this endpoint.
  • The labels section includes the correct CVE, ATT&CK, and CWE references, and the product/vuln class label is formatted as required.

Validation Checklist:

  • All value: fields are lowercase.
  • transform includes lowercase.
  • No match.value contains capital letters.
  • The rule uses contains instead of regex where applicable.
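
An added illustration, not part of this PR or of CrowdSec's own code: a small Python linter for the validation checklist above, plus a matcher showing why the checklist matters (a `match.value` with capitals can never match once the `lowercase` transform has been applied to the URI). The rule dict shape (`rules`/`and`/`zones`/`transform`/`match`) and all function names are assumptions made for this example; the rules are constructed and are not the rule file from this PR.

```python
# Added example: constructed rule dicts, not the rule file from this PR.
REGEX_META = set(".^$*+?{}[]|()\\")

def conditions(node):
    """Yield each leaf condition (a dict with a 'match' key) under and/or groups."""
    if isinstance(node, list):
        for item in node:
            yield from conditions(item)
    elif isinstance(node, dict):
        if "match" in node:
            yield node
        for key in ("and", "or"):
            yield from conditions(node.get(key, []))

def lint(rule):
    """Return the validation-checklist violations found in a rule dict."""
    problems = []
    for cond in conditions(rule.get("rules", [])):
        match = cond["match"]
        value = str(match.get("value", ""))
        if "lowercase" not in cond.get("transform", []):
            problems.append(f"{value!r}: transform does not include lowercase")
        if value != value.lower():
            problems.append(f"{value!r}: match.value contains capital letters")
        # A regex whose only metacharacters are escaped dots is a literal string.
        if match.get("type") == "regex" and not REGEX_META & set(value.replace("\\.", "")):
            problems.append(f"{value!r}: literal pattern, use contains instead of regex")
    return problems

def matches(cond, uri):
    """Apply the condition's transform to the URI, then do the contains test."""
    if "lowercase" in cond.get("transform", []):
        uri = uri.lower()
    return cond["match"]["value"] in uri

def make_rule(value):
    """Build a constructed single-condition rule (assumed shape) for a match value."""
    return {"rules": [{"and": [{"zones": ["URI"], "transform": ["lowercase"],
                                "match": {"type": "contains", "value": value}}]}]}

GOOD_RULE = make_rule("/configservice/admin.aspx")
BAD_RULE = make_rule("/ConfigService/Admin.aspx")  # violates the checklist

if __name__ == "__main__":
    for label, rule in (("good", GOOD_RULE), ("bad", BAD_RULE)):
        cond = next(conditions(rule["rules"]))
        print(label, lint(rule), matches(cond, "/ConfigService/Admin.aspx?x=1"))
```
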

@github-actions

Hello @crowdsec-automation and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2026-2699 🔴

@github-actions

Hello @crowdsec-automation,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!
