Vulnerability-Lookup

WID-SEC-W-2026-1532

Vulnerability from csaf_certbund - Published: 2026-05-14 22:00 - Updated: 2026-05-14 22:00

Summary

F5 BIG-IP Produkte: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: BIG-IP ist eine Netzwerk Appliance auf der die meisten F5 Produkte laufen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in F5 BIG-IP ausnutzen, um beliebigen Programmcode auszuführen, erweiterte Berechtigungen zu erlangen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2026-24464

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-28758

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-32643

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-32673

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-34176

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-35062

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-39455

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-39458

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-39459

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40060

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40061

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40067

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40423

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40435

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40462

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40618

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40629

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40631

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40698

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40699

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-40703

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41217

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41218

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41219

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41225

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41227

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41953

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41954

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41956

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41957

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-41959

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42058

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42063

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42406

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42408

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42409

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42780

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42781

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42919

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42920

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42924

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42930

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

CVE-2026-42937

Affected products

Known affected 10 products

Product	Identifier	Version
F5 BIG-IP SSL Orchestrator F5 / BIG-IP	`cpe:/a:f5:big-ip:ssl_orchestrator`	SSL Orchestrator
F5 BIG-IP DNS F5 / BIG-IP	`cpe:/a:f5:big-ip:dns`	DNS
F5 BIG-IP APM F5 / BIG-IP	`cpe:/a:f5:big-ip:apm`	APM
F5 BIG-IP PEM F5 / BIG-IP	`cpe:/a:f5:big-ip:pem`	PEM
F5 BIG-IP DDoS Hybrid Defender F5 / BIG-IP	`cpe:/a:f5:big-ip:ddos_hybrid_defender`	DDoS Hybrid Defender
F5 BIG-IP Advanced WAF/ASM F5 / BIG-IP	`cpe:/a:f5:big-ip:advanced_wafasm`	Advanced WAF/ASM
F5 BIG-IP Next SPK F5 / BIG-IP	`cpe:/a:f5:big-ip:next_spk`	Next SPK
F5 BIG-IP Next for Kubernetes F5 / BIG-IP	`cpe:/a:f5:big-ip:next_for_kubernetes`	Next for Kubernetes
F5 BIG-IP Next CNF F5 / BIG-IP	`cpe:/a:f5:big-ip:next_cnf`	Next CNF
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—

References

60 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://my.f5.com/manage/s/article/K000149743	external
https://my.f5.com/manage/s/article/K000156734	external
https://my.f5.com/manage/s/article/K000157895	external
https://my.f5.com/manage/s/article/K000158038	external
https://my.f5.com/manage/s/article/K000160862	external
https://my.f5.com/manage/s/article/K000160863	external
https://my.f5.com/manage/s/article/K000160874	external
https://my.f5.com/manage/s/article/K000160876	external
https://my.f5.com/manage/s/article/K000160903	external
https://my.f5.com/manage/s/article/K000160911	external
https://my.f5.com/manage/s/article/K000160916	external
https://my.f5.com/manage/s/article/K000160945	external
https://my.f5.com/manage/s/article/K000160971	external
https://my.f5.com/manage/s/article/K000160972	external
https://my.f5.com/manage/s/article/K000161018	external
https://my.f5.com/manage/s/article/K000160981	external
https://my.f5.com/manage/s/article/K000160979	external
https://my.f5.com/manage/s/article/K000160973	external
https://my.f5.com/manage/s/article/K000161040	external
https://my.f5.com/manage/s/article/K000161022	external
https://my.f5.com/manage/s/article/K000161107	external
https://my.f5.com/manage/s/article/K32950402	external
https://my.f5.com/manage/s/article/K000160975	external
https://my.f5.com/manage/s/article/K000160857	external
https://my.f5.com/manage/s/article/K000158978	external
https://my.f5.com/manage/s/article/K000158070	external
https://my.f5.com/manage/s/article/K000156761	external
https://my.f5.com/manage/s/article/K000158082	external
https://my.f5.com/manage/s/article/K000156581	external
https://my.f5.com/manage/s/article/K000156604	external
https://my.f5.com/manage/s/article/K000160926	external
https://my.f5.com/manage/s/article/K000160901	external
https://my.f5.com/manage/s/article/K000158971	external
https://my.f5.com/manage/s/article/K000159034	external
https://my.f5.com/manage/s/article/K000157981	external
https://my.f5.com/manage/s/article/K000158979	external
https://my.f5.com/manage/s/article/K000160875	external
https://my.f5.com/manage/s/article/K35544022	external
https://my.f5.com/manage/s/article/K000161023	external
https://my.f5.com/manage/s/article/K000161056	external
https://my.f5.com/manage/s/article/K000160788	external
https://my.f5.com/manage/s/article/K000160727	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29965	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29969	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29971	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29972	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29982	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29984	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29987	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29998	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29999	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-30003	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-30004	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-30005	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29973	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29975	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29976	external
https://euvd.enisa.europa.eu/enisa/EUVD-2026-29991	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BIG-IP ist eine Netzwerk Appliance auf der die meisten F5 Produkte laufen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in F5 BIG-IP ausnutzen, um beliebigen Programmcode auszuf\u00fchren, erweiterte Berechtigungen zu erlangen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1532 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1532.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1532 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1532"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000149743"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000156734"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000157895"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000158038"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160862"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160863"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160874"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160876"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160903"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160911"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160916"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160945"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160971"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160972"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000161018"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160981"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160979"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160973"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000161040"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000161022"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000161107"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K32950402"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160975"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160857"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000158978"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000158070"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000156761"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000158082"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000156581"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000156604"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160926"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160901"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000158971"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000159034"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000157981"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000158979"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160875"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K35544022"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000161023"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000161056"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160788"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory vom 2026-05-13",
        "url": "https://my.f5.com/manage/s/article/K000160727"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29965"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29969"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29971"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29972"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29982"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29984"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29987"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29998"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29999"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-30003"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-30004"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-30005"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29973"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29975"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29976"
      },
      {
        "category": "external",
        "summary": "EUVD Security Advisory vom 2026-05-13",
        "url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-29991"
      }
    ],
    "source_lang": "en-US",
    "title": "F5 BIG-IP Produkte: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-14T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-15T09:54:07.909+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1532",
      "initial_release_date": "2026-05-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "F5 BIG-IP",
                "product": {
                  "name": "F5 BIG-IP",
                  "product_id": "T054135",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Next CNF",
                "product": {
                  "name": "F5 BIG-IP Next CNF",
                  "product_id": "T054136",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:next_cnf"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Next for Kubernetes",
                "product": {
                  "name": "F5 BIG-IP Next for Kubernetes",
                  "product_id": "T054137",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:next_for_kubernetes"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Next SPK",
                "product": {
                  "name": "F5 BIG-IP Next SPK",
                  "product_id": "T054138",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:next_spk"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Advanced WAF/ASM",
                "product": {
                  "name": "F5 BIG-IP Advanced WAF/ASM",
                  "product_id": "T054139",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:advanced_wafasm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DDoS Hybrid Defender",
                "product": {
                  "name": "F5 BIG-IP DDoS Hybrid Defender",
                  "product_id": "T054140",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:ddos_hybrid_defender"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "PEM",
                "product": {
                  "name": "F5 BIG-IP PEM",
                  "product_id": "T054141",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:pem"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "APM",
                "product": {
                  "name": "F5 BIG-IP APM",
                  "product_id": "T054142",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:apm"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DNS",
                "product": {
                  "name": "F5 BIG-IP DNS",
                  "product_id": "T054143",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:dns"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "SSL Orchestrator",
                "product": {
                  "name": "F5 BIG-IP SSL Orchestrator",
                  "product_id": "T054144",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:ssl_orchestrator"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIG-IP"
          }
        ],
        "category": "vendor",
        "name": "F5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-24464",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-24464"
    },
    {
      "cve": "CVE-2026-28758",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-28758"
    },
    {
      "cve": "CVE-2026-32643",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-32643"
    },
    {
      "cve": "CVE-2026-32673",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-32673"
    },
    {
      "cve": "CVE-2026-34176",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-34176"
    },
    {
      "cve": "CVE-2026-35062",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-35062"
    },
    {
      "cve": "CVE-2026-39455",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-39455"
    },
    {
      "cve": "CVE-2026-39458",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-39458"
    },
    {
      "cve": "CVE-2026-39459",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-39459"
    },
    {
      "cve": "CVE-2026-40060",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40060"
    },
    {
      "cve": "CVE-2026-40061",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40061"
    },
    {
      "cve": "CVE-2026-40067",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40067"
    },
    {
      "cve": "CVE-2026-40423",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40423"
    },
    {
      "cve": "CVE-2026-40435",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40435"
    },
    {
      "cve": "CVE-2026-40462",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40462"
    },
    {
      "cve": "CVE-2026-40618",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40618"
    },
    {
      "cve": "CVE-2026-40629",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40629"
    },
    {
      "cve": "CVE-2026-40631",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40631"
    },
    {
      "cve": "CVE-2026-40698",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40698"
    },
    {
      "cve": "CVE-2026-40699",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40699"
    },
    {
      "cve": "CVE-2026-40703",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-40703"
    },
    {
      "cve": "CVE-2026-41217",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41217"
    },
    {
      "cve": "CVE-2026-41218",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41218"
    },
    {
      "cve": "CVE-2026-41219",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41219"
    },
    {
      "cve": "CVE-2026-41225",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41225"
    },
    {
      "cve": "CVE-2026-41227",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41227"
    },
    {
      "cve": "CVE-2026-41953",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41953"
    },
    {
      "cve": "CVE-2026-41954",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41954"
    },
    {
      "cve": "CVE-2026-41956",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41956"
    },
    {
      "cve": "CVE-2026-41957",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41957"
    },
    {
      "cve": "CVE-2026-41959",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-41959"
    },
    {
      "cve": "CVE-2026-42058",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42058"
    },
    {
      "cve": "CVE-2026-42063",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42063"
    },
    {
      "cve": "CVE-2026-42406",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42406"
    },
    {
      "cve": "CVE-2026-42408",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42408"
    },
    {
      "cve": "CVE-2026-42409",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42409"
    },
    {
      "cve": "CVE-2026-42780",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42780"
    },
    {
      "cve": "CVE-2026-42781",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42781"
    },
    {
      "cve": "CVE-2026-42919",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42919"
    },
    {
      "cve": "CVE-2026-42920",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42920"
    },
    {
      "cve": "CVE-2026-42924",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42924"
    },
    {
      "cve": "CVE-2026-42930",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42930"
    },
    {
      "cve": "CVE-2026-42937",
      "product_status": {
        "known_affected": [
          "T054144",
          "T054143",
          "T054142",
          "T054141",
          "T054140",
          "T054139",
          "T054138",
          "T054137",
          "T054136",
          "T054135"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-42937"
    }
  ]
}

CVE-2026-24464 (GCVE-0-2026-24464)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:08

Title

Appliance mode iControl REST vulnerability

Summary

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-35 - Path Traversal

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160911	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.2 (custom) Affected: 17.5.0 , < 17.5.1.6 (custom) Affected: 17.1.0 , < 17.1.3.2 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T15:57:24.076951Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:08:17.492Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.2",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.6",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Appliance Mode"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Appliance Mode"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35 Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:42.539Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160911"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Appliance mode iControl REST vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-24464",
    "datePublished": "2026-05-13T14:12:42.539Z",
    "dateReserved": "2026-04-30T23:04:27.931Z",
    "dateUpdated": "2026-05-13T16:08:17.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28758 (GCVE-0-2026-28758)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:17

Title

BIG-IP iControl REST vulnerability

Summary

When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to the audit log to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Severity

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.7 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-312 - Cleartext Storage of Sensitive Information

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000158070	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.0.0 , < * (custom) Affected: 17.5.0 , < 17.5.1.4 (custom) Affected: 17.1.0 , < 17.1.3.1 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28758",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T16:01:07.059526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:17:28.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "DNS"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.4",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.1",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen BIG-IP DNS is provisioned, a vulnerability exists in the \u003c/span\u003e\u003cstrong\u003egtm_add\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003ebigip_add\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;iControl REST commands that return the \u003c/span\u003e\u003cstrong\u003essh-password\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to the audit log to view sensitive information.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "value": "When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add\u00a0and bigip_add\u00a0iControl REST commands that return the ssh-password\u00a0parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to the audit log to view sensitive information.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:28.113Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000158070"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP iControl REST vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-28758",
    "datePublished": "2026-05-13T14:12:28.113Z",
    "dateReserved": "2026-04-30T23:02:33.906Z",
    "dateUpdated": "2026-05-13T16:17:28.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32643 (GCVE-0-2026-32643)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-14 03:56

Title

BIG-IP and BIG-IQ privilege escalation vulnerability

Summary

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

8.5 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-250 - Execution with Unnecessary Privileges

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160972	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.2 (custom) Affected: 17.5.0 , < 17.5.1.6 (custom) Affected: 17.1.0 , < 17.1.3.2 (custom) Affected: 16.1.0 , < * (custom)
F5	BIG-IQ	Affected: 8.4.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32643",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:15.259Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.2",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.6",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "BIG-IQ",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Appliance Mode"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:40.580Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160972"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP and BIG-IQ privilege escalation vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-32643",
    "datePublished": "2026-05-13T14:12:40.580Z",
    "dateReserved": "2026-04-30T23:04:20.024Z",
    "dateUpdated": "2026-05-14T03:56:15.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32673 (GCVE-0-2026-32673)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-14 03:56

Title

BIG-IP scripted monitor vulnerability

Summary

A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

8.5 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-250 - Execution with Unnecessary Privileges

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000161040	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.2 (custom) Affected: 17.5.0 , < 17.5.1.6 (custom) Affected: 17.1.0 , < 17.1.3.2 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:08.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.2",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.6",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.\u003c/span\u003e\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Standard and Appliance Mode deployment"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Appliance Mode"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:39.375Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161040"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP scripted monitor vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-32673",
    "datePublished": "2026-05-13T14:12:39.375Z",
    "dateReserved": "2026-04-30T23:04:20.003Z",
    "dateUpdated": "2026-05-14T03:56:08.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34176 (GCVE-0-2026-34176)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-14 03:56

Title

Knowledge Appliance mode iControl REST vulnerability

Summary

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

8.5 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160857	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.2 (custom) Affected: 17.5.0 , < 17.5.1.6 (custom) Affected: 17.1.0 , < 17.1.3.2 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-12 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:19.828Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.2",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.6",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.\u0026nbsp;\u0026nbsp;\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e"
            }
          ],
          "value": "When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:38.659Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160857"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Knowledge Appliance mode iControl REST vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-34176",
    "datePublished": "2026-05-13T14:12:38.659Z",
    "dateReserved": "2026-04-30T23:04:19.989Z",
    "dateUpdated": "2026-05-14T03:56:19.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35062 (GCVE-0-2026-35062)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:13

Title

iControl SOAP vulnerability

Summary

An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-266 - Incorrect Privilege Assignment.

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000159021	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.1 (custom) Affected: 17.5.1 , < 17.5.1.4 (custom) Affected: 17.1.0 , < 17.1.3.1 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T16:01:55.758956Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:13:30.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.1",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.4",
              "status": "affected",
              "version": "17.5.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.1",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authenticated iControl SOAP user may be able to obtain information of other accounts.\u0026nbsp;\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e"
            }
          ],
          "value": "An authenticated iControl SOAP user may be able to obtain information of other accounts.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:34.293Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000159021"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "iControl SOAP vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-35062",
    "datePublished": "2026-05-13T14:12:34.293Z",
    "dateReserved": "2026-04-30T23:02:47.700Z",
    "dateUpdated": "2026-05-13T16:13:30.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39455 (GCVE-0-2026-39455)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:09

Title

BIG-IP Configuration utility vulnerability

Summary

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-772 - Missing Release of Resource after Effective Lifetime

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160874	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.2 (custom) Affected: 17.5.0 , < 17.5.1.6 (custom) Affected: 17.1.0 , < 17.1.3.2 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-39455",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T16:02:47.984687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:09:59.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.2",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.6",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the \u003c/span\u003e\u003cstrong\u003ehttpd\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;process to exhaust the available file descriptors.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd\u00a0process to exhaust the available file descriptors.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-772",
              "description": "CWE-772: Missing Release of Resource after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:39.762Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160874"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP Configuration utility vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-39455",
    "datePublished": "2026-05-13T14:12:39.762Z",
    "dateReserved": "2026-04-30T23:04:20.012Z",
    "dateUpdated": "2026-05-13T16:09:59.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39458 (GCVE-0-2026-39458)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:08

Title

BIG-IP DNS Cache vulnerability

Summary

When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160945	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.1 (custom) Affected: 17.5.0 , < 17.5.1.6 (custom) Affected: 17.1.0 , < 17.1.3.2 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-39458",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T15:57:30.714703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:08:30.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.1",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.6",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824: Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:42.079Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160945"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP DNS Cache vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-39458",
    "datePublished": "2026-05-13T14:12:42.079Z",
    "dateReserved": "2026-04-30T23:04:27.924Z",
    "dateUpdated": "2026-05-13T16:08:30.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39459 (GCVE-0-2026-39459)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-14 03:56

Title

iControl REST and tmsh vulnerability

Summary

A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-272 - Least Privilege Violation

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160863	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.2 (custom) Affected: 17.5.0 , < 17.5.1.6 (custom) Affected: 17.1.0 , < 17.1.3.2 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

F5 acknowledges Adam Logue for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-39459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:25.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.2",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.6",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "F5 acknowledges Adam Logue for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in iControl REST and the TMOS Shell (\u003c/span\u003e\u003cstrong\u003etmsh\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.\u003c/span\u003e\n\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-272",
              "description": "CWE-272 Least Privilege Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:37.565Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160863"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "iControl REST and tmsh vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-39459",
    "datePublished": "2026-05-13T14:12:37.565Z",
    "dateReserved": "2026-04-30T23:04:10.899Z",
    "dateUpdated": "2026-05-14T03:56:25.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40060 (GCVE-0-2026-40060)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:12

Title

BIG-IP Advanced WAF and ASM vulnerability

Summary

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-252 - Unchecked Return Value

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160727	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
F5	BIG-IP	Unaffected: 21.1.0 , < * (custom) Affected: 21.0.0 , < 21.0.0.1 (custom) Affected: 17.5.0 , < 17.5.1.4 (custom) Affected: 17.1.0 , < 17.1.3.1 (custom) Affected: 16.1.0 , < * (custom)

Date Public

2026-05-13 14:00

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40060",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T16:02:39.431474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:12:34.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "Advanced WAF"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "21.0.0.1",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.4",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.1",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the \u003cstrong\u003ebd\u003c/strong\u003e\u0026nbsp;process to terminate.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd\u00a0process to terminate.\u00a0\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:35.775Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160727"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP Advanced WAF and ASM vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-40060",
    "datePublished": "2026-05-13T14:12:35.775Z",
    "dateReserved": "2026-04-30T23:04:10.878Z",
    "dateUpdated": "2026-05-13T16:12:34.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1532

CVE-2026-24464 (GCVE-0-2026-24464)

CVE-2026-28758 (GCVE-0-2026-28758)

CVE-2026-32643 (GCVE-0-2026-32643)

CVE-2026-32673 (GCVE-0-2026-32673)

CVE-2026-34176 (GCVE-0-2026-34176)

CVE-2026-35062 (GCVE-0-2026-35062)

CVE-2026-39455 (GCVE-0-2026-39455)

CVE-2026-39458 (GCVE-0-2026-39458)

CVE-2026-39459 (GCVE-0-2026-39459)

CVE-2026-40060 (GCVE-0-2026-40060)

Tags

Sightings

Nomenclature