
7982 matches found

Vulnrichment
added 2026/05/13 2:12 p.m. | 2 views

CVE-2026-42781 BIG-IP FastL4 virtual server vulnerability

When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.1 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 1
CVE
added 2026/05/13 2:12 p.m. | 8 views

CVE-2026-41957

CVE-2026-41957 affects the BIG-IP and BIG-IQ Configuration utility. The connected advisory confirms an authenticated remote code execution vulnerability via undisclosed vectors in the Configuration utility (control plane access), with CWE-502 deserialization noted in the security advisory details...

CVSS 8.8 | AI score 6.5 | EPSS 0.00681
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 2:12 p.m. | 23 views

CVE-2026-41957 BIG-IP and BIG-IQ Configuration utility vulnerability

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.8 | EPSS 0.00681
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 2:12 p.m. | 22 views

CVE-2026-42408 BIG-IP DNS tmsh vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.7 | EPSS 0.00012
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/13 2:12 p.m. | 5 views

CVE-2026-42408

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.7 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/05/13 2:12 p.m. | 8 views

CVE-2026-40067

BIG-IP APM CVE-2026-40067 affects BIG-IP APM with vulnerable 21.x releases (e.g., 21.0.0 exposed). The issue occurs when an access policy is configured on a virtual server, allowing undisclosed traffic to trigger a denial-of-service by terminating the apmd process. The F5 advisory classifies this...

CVSS 8.7 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/13 2:12 p.m. | 2 views

CVE-2026-41957 BIG-IP and BIG-IQ Configuration utility vulnerability

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.8 | AI score 6.5 | EPSS 0.00681
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 2:12 p.m. | 22 views

CVE-2026-42780 BIG-IP SSL Orchestrator vulnerability

A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | EPSS 0.00324
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/13 2:12 p.m. | 9 views

CVE-2026-40699 BIG-IP Configuration utility vulnerability

A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.1 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 1
CVE
added 2026/05/13 2:12 p.m. | 9 views

CVE-2026-40699

CVE-2026-40699 – BIG-IP Configuration utility vulnerability: The F5 security advisory describes a vulnerability in undisclosed pages of the BIG-IP Configuration utility that can be exploited by a low-privileged authenticated attacker with network access through the BIG-IP management port or self...

CVSS 7.1 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 1
CVE
added 2026/05/13 2:12 p.m. | 4 views

CVE-2026-42780

CVE-2026-42780 affects BIG-IP SSL Orchestrator with a directory traversal vulnerability that enables an authenticated user with high privileges to overwrite, delete, or corrupt arbitrary local files. The connected F5 advisory confirms vulnerable branches/versions and fixes: BIG-IP SSL Orchestrato...

CVSS 6.9 | AI score 5.9 | EPSS 0.00324
Exploits: 0 | References: 1
CVE
added 2026/05/13 2:12 p.m. | 5 views

CVE-2026-28758

CVE-2026-28758 affects BIG-IP DNS: the gtm_add and bigip_add iControl REST commands return the ssh-password in cleartext in responses and audit logs, enabling a highly privileged, authenticated attacker with audit-log access to view sensitive data. Affected versions include BIG-IP DNS on 21.x (vu...

CVSS 6.7 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 1
CVE
added 2026/05/13 2:12 p.m. | 6 views

CVE-2026-41219

Summary of CVE-2026-41219 (BIG-IP qkview): A low-privileged attacker can read sensitive information from a QKView file due to improper sanitization in the BIG-IP qkview utility. Affected branches include BIG-IP Next (SPK/CNF for all, with known vulnerable ranges) and BIG-IP (17.x, 16.x) as shown ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 2:12 p.m. | 22 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

CVSS 6.7 | EPSS 0.00012
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 2:12 p.m. | 23 views

CVE-2026-41219 BIG-IP QKView vulnerability

An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.1 | EPSS 0.00068
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/13 2:12 p.m. | 2 views

CVE-2026-28758

When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

CVSS 6.7 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/13 2:12 p.m. | 4 views

CVE-2026-40435 BIG-IP httpd access control vulnerability

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 2:12 p.m. | 24 views

CVE-2026-40435 BIG-IP httpd access control vulnerability

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | EPSS 0.00063
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/13 2:12 p.m. | 2 views

CVE-2026-40703 BIG-IP Configuration utility CSRF vulnerability

A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5.4 | AI score 5.7 | EPSS 0.0003
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 2:12 p.m. | 22 views

CVE-2026-40703 BIG-IP Configuration utility CSRF vulnerability

A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5.4 | EPSS 0.0003
Exploits: 0 | References: 1