Known Vulnerabilities for products from F5
Listed below are 20 of the newest known vulnerabilities associated with the vendor "F5".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by F5 can be found at device.report : F5
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-50107 json | When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exi... | Not Provided | 2026-06-17 | 2026-06-22 |
| CVE-2026-49975 json | Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via mal... | Not Provided | 2026-06-08 | 2026-06-18 |
| CVE-2026-48142 json | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxi... | Not Provided | 2026-06-17 | 2026-06-22 |
| CVE-2026-42946 json | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory al... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42945 json | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when ... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42937 json | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in B... | Not Provided | 2026-05-13 | 2026-06-17 |
| CVE-2026-42934 json | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, an... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42930 json | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance m... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42926 json | When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_bod... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42924 json | An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42920 json | When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cau... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42919 json | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate thei... | Not Provided | 2026-05-13 | 2026-06-18 |
| CVE-2026-42781 json | When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an... | Not Provided | 2026-05-13 | 2026-06-23 |
| CVE-2026-42780 json | A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privile... | Not Provided | 2026-05-13 | 2026-06-23 |
| CVE-2026-42409 json | When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual serv... | Not Provided | 2026-05-13 | 2026-06-23 |
| CVE-2026-42408 json | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly pr... | Not Provided | 2026-05-13 | 2026-06-23 |
| CVE-2026-42406 json | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certi... | Not Provided | 2026-05-13 | 2026-06-23 |
| CVE-2026-42063 json | A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role... | Not Provided | 2026-05-13 | 2026-06-23 |
| CVE-2026-42058 json | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user... | Not Provided | 2026-05-13 | 2026-06-23 |
| CVE-2026-41957 json | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuratio... | Not Provided | 2026-05-13 | 2026-06-23 |
Known software with vulnerabilities from F5
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | F5 | 3 Dns | - |
| Application | F5 | Access Policy Manager Clients | 7.1.5 |
| Hardware | F5 | Arx | - |
| Application | F5 | Arx | 6.0.0 |
| Application | F5 | Arx Data Manager | 3.0.0 |
| Operating System | F5 | Arx Firmware | 6.0.0 |
| Hardware | F5 | Big-ip | - |
| Application | F5 | Big-ip | - |
| Hardware | F5 | Big-ip 1000 | - |
| Hardware | F5 | Big-ip 11050 | - |
| Hardware | F5 | Big-ip 1500 | - |
| Hardware | F5 | Big-ip 1600 | - |
| Hardware | F5 | Big-ip 2000 | c112 |
| Hardware | F5 | Big-ip 2000s | - |
| Hardware | F5 | Big-ip 2200s | - |
| Hardware | F5 | Big-ip 2400 | - |
| Hardware | F5 | Big-ip 3400 | - |
| Hardware | F5 | Big-ip 3410 | - |
| Hardware | F5 | Big-ip 3600 | - |
| Hardware | F5 | Big-ip 3900 | - |