CVE-2026-28758

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

CVE-2026-41227 BIG-IP HTTP/2 Layer 7 Dos Protection vulnerability

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2026-40633

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description When BIG-IP DNS is provisioned, the 'gtm add' and 'bigip add' iControl REST commands return the ssh-password parameter in cleartext within the iControl REST...

EUVD-2026-29488

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2026-8051

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2026-8051

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2026-8051

CVE-2026-8051 concerns Ivanti Virtual Traffic Manager (vTM). The NVD/CVE entries state an OS command injection vulnerability in vTM prior to version 22.9r4, allowing a remote authenticated attacker with admin privileges to achieve remote code execution. The description identifies affected product...

CVE-2026-8051

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2026-8051

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

May 2026 Security Advisory Ivanti Virtual Traffic Manager (vTM) (CVE-2026-8051)

Summary Ivanti has released updates for Ivanti Virtual Traffic Manager which addresses one High severity vulnerability. Successful exploitation could lead to admin authenticated remote code execution. We are not aware of any customers being exploited by this vulnerability at the time of disclosur...

PT-2026-40041

Name of the Vulnerable Software and Affected Versions Ivanti Virtual Traffic Manager versions prior to 22.9r4 Description OS command injection allows a remote authenticated attacker with admin privileges to achieve remote code execution. Recommendations Update to version 22.9r4 or later...

Ivanti Virtual Traffic Manager 操作系统命令注入漏洞

Ivanti Virtual Traffic Manager is a software-based application delivery controller developed by the American company Ivanti. Versions of Ivanti Virtual Traffic Manager prior to 22.9r4 contained an operating system command injection vulnerability. This vulnerability stems from OS command injection...

WSO2多款产品 安全漏洞

WSO2 API Manager, among others, are products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 API Control Plane is a control panel. WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 products have securi...

WSO2多款产品 安全漏洞

WSO2 API Manager, among others, are products of the American company WSO2. The WSO2 API Manager is a suite of API lifecycle management solutions. The WSO2 API Control Plane is a control panel. The WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 produc...

CVE-2021-31922

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...

WSO2多款产品 安全漏洞

WSO2 API Manager and others are products of WSO2 Corporation, USA.WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from a lack of...

WSO2多款产品 安全漏洞

WSO2 Open Banking AM and others are products of WSO2, Inc. of the U.S.A. WSO2 Open Banking AM is an Open Banking Accelerator.WSO2 Open Banking IAM is an identity and access management solution for the Open Banking OB space.WSO2 Traffic WSO2 Traffic Manager is a component for regulating and managi...

WSO2多款产品 安全漏洞

WSO2 API Manager and other products are products of WSO2 Corporation, USA.WSO2 API Manager is a set of API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exists in...

WSO2多款产品 安全漏洞

WSO2 API Manager and other products are products of WSO2 Corporation, USA.WSO2 API Manager is a set of API lifecycle management solutions.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exists i...

WSO2多款产品 安全漏洞

WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is a suite of API lifecycle management solutions.WSO2 Identity Server IS is an identity server.WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from an...