CVE-2026-42930

CVE-2026-42930 affects BIG-IP in Appliance mode. An authenticated attacker with the Administrator role may bypass Appliance mode restrictions, enabling read/modify of arbitrary system files (control plane issue; no data plane exposure). Affected branches and fixes per F5 advisories: BIG-IP all mo...

CVE-2026-42924

CVE-2026-42924 affects BIG-IP with iControl SOAP. An authenticated user with Resource Administrator or Administrator rights can create SNMP configuration objects via iControl SOAP, leading to privilege escalation (control-plane issue; data plane unaffected). CVSS v3.1: 8.7 (NETWORK, HIGH). CVSS v...

CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2020-5933

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...