4 matches found
K000161785: NGINX Gateway Fabric vulnerability CVE-2026-50107
Security Advisory Description When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource...
K000156581: iControl REST and tmsh vulnerability CVE-2026-40462
Security Advisory Description Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS Shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. CVE-2026-40462 Impact An authenticated attacker may exploit these vulnerabilities b...
K35544022: BIG-IP Configuration utility CSRF vulnerability CVE-2026-40703
Security Advisory Description A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. CVE-2026-40703 Impact A remote, unauthenticated attacker may exploit this vulnerability by causing an authenticated user to send a crafted request to the BIG-...
CVE-2019-6639
On BIG-IP AFM, PEM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not...