41 matches found
K000161614: Out-of-band Security Notification (June 17, 2026)
Security Advisory Description On June 17, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs Medi...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: mc, dynamic-localpv-provisioner, etcd, temporal, trillian, terraform, envoy-ratelimit, gitaly, crossplane-provider-keycloak, amazon-k8s-cni, redka, kubernetes-dashboard, aws-node-termination-handler, incert, terraform-provider-time, rancher-system-upgrade-controller,...
CVE-2026-27142 vulnerabilities
Vulnerabilities for packages: mc, net-kourier, pulumi-language-dotnet, sftpgo-plugin-eventstore, memcached-exporter, kube-rbac-proxy, thanos, terraform-provider-azapi, aws-load-balancer-controller, docker-compose, trillian, gitaly, neuvector-sigstore-interface, kube-vip-cloud-provider, redka,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: mc, dynamic-localpv-provisioner, kube-rbac-proxy, trillian, gitaly, neuvector-sigstore-interface, amazon-k8s-cni, redka, kubernetes-dashboard, azurefile-csi, terraform-provider-time, rancher-system-upgrade-controller, kube-fluentd-operator, cilium-certgen,...
EUVD-2022-38133
Malicious code in bioql PyPI...
EUVD-2023-32362
Malicious code in bioql PyPI...
The vulnerability in the config_dirs function of the NGINX Agent daemon and the NGINX Instance Manager automation platform allows an attacker to write or overwrite arbitrary files.
The vulnerability in the config_dirs function of the NGINX Agent daemon and the NGINX Instance Manager platform relates to the ability to load arbitrary files beyond the expected directory path. Exploiting this vulnerability allows a malicious actor to write or rewrite arbitrary files remotely...
PT-2024-6180 · Nginx · Nginx Agent
Name of the Vulnerable Software and Affected Versions: NGINX Agent affected versions not specified Description: The issue is related to the config dirs function of the NGINX Agent and NGINX Instance Manager platform, which allows an attacker to upload arbitrary files outside the intended director...
The vulnerabilities in the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager connection management controller, and the NGINX Security Monitoring platform are related to the improper use of default permissions. This allows attackers to escalate their privileges.
The vulnerabilities in the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager for connection management, and the NGINX Security Monitoring platform are related to the improper use of default permissions. Exploiting these vulnerabilities can allow attackers to increase...
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager connection management controller, and the NGINX Security Monitoring security monitoring platform involve exploiting authentication bypasses through the use of user-controlled keys. This allows attackers to circumvent security restrictions and gain access to read, modify, or delete data.
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager, and the NGINX Security Monitoring platform involve exploiting authentication mechanisms by using user-controlled keys. Exploitation of these vulnerabilities could allow an attacker to bypass...
CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Default credentials
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
PT-2023-2757 · Nginx · Nginx Instance Manager +3
Name of the Vulnerable Software and Affected Versions: NGINX Management Suite affected versions not specified NGINX Instance Manager affected versions not specified NGINX API Connectivity Manager affected versions not specified NGINX Security Monitoring affected versions not specified Description...
The vulnerability of the NGINX Agent and the NGINX Instance Manager automation platform, related to insufficient protection of registration data, allows a perpetrator to gain access to secret keys.
The vulnerability of the NGINX Agent and the NGINX Instance Manager automation platform is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain access to secret keys...
CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
Design/Logic Flaw
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
CVE-2023-1550 NGINX Agent vulnerability CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
K000133135: NGINX Agent vulnerability CVE-2023-1550
Security Advisory Description NGINX Agent inserts sensitive information into a log file. CVE-2023-1550 Impact An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note :...
K37080719: NGINX Instance Manager vulnerability CVE-2022-35241
Security Advisory Description When NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. CVE-2022-35241 Impact System performance can degrade until system inodes become free. This vulnerability allows a remote, authenticated attacker to cause a...