f5
1,031 tracked vulnerabilities.
CVE-2026-41959
MEDIUM
F5 BIG-IP and BIG-IQ - Authenticated Information Disclosure via TMOS Shell and iControl REST
May 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41957
HIGH
F5 - BIG-IP and BIG-IQ Configuration Utility Vulnerability
May 13, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-41956
HIGH
F5 BIG-IP UDP Classification Profile - TMM Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41954
MEDIUM
F5 - iControl REST and Tmsh Vulnerability
May 13, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-41953
HIGH
F5 BIG-IP 16.1.0-17.1.3.1/17.5.0-17.5.1.5/21.0.0-21.0.0.1/>=21.1.0 Privilege Escalation via Config Modification
May 13, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-41227
HIGH
BIG-IP HTTP/2 Layer 7 Dos Protection vulnerability
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41225
CRITICAL
F5 BIG-IP 16.1.0-17.1.3.1/17.5.0-17.5.1.5/21.0.0-21.0.0.1/>=21.1.0 - Authenticated RCE via iControl REST
May 13, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-41219
MEDIUM
F5 BIG-IP QKView - Sensitive Information Disclosure
May 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41218
HIGH
F5 BIG-IP PEM iRules - TMM Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41217
HIGH
F5 BIG-IP tmsh - Privileged Command Execution
May 13, 2026
CVSS 7.9
EPSS 0.00
CVE-2026-40703
MEDIUM
BIG-IP 16.1.0-17.1.3.1 17.5.0-17.5.1.4 >=21.0.0 - Cross-Site Request Forgery in Dashboard
May 13, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40701
MEDIUM
NGINX Plus and NGINX Open Source - Use-After-Free in ngx_http_ssl_module
May 13, 2026
CVSS 4.8
EPSS 0.01
CVE-2026-40699
MEDIUM
F5 BIG-IP 21.1.0-21.0.0.1, 17.5.0-17.5.1.4, 17.1.0-17.1.3.1, 16.1.0 - Authenticated Information Disclosure
May 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40698
HIGH
F5 BIG-IP and BIG-IQ - Authenticated Privilege Escalation via SNMP Configuration Object Creation
May 13, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-40631
HIGH
F5 BIG-IP 21.1.0-21.0.0.2 Authenticated Privilege Escalation via iControl SOAP
May 13, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-40629
HIGH
F5 BIG-IP SSL/TLS - Virtual Server Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40618
HIGH
F5 BIG-IP SSL/TLS - TMM Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40462
MEDIUM
F5 BIG-IP 16.1.0-17.1.3.0 17.5.0-17.5.1.3 21.0.0-21.0.0 21.1.0+ - Authenticated Information Disclosure
May 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40460
MEDIUM
NGINX Plus and Open Source - Authentication Bypass via HTTP/3 QUIC Module
May 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40435
MEDIUM
F5 BIG-IP httpd - Access Control Bypass
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40423
HIGH
F5 BIG-IP SIP Profile - TMM Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40067
HIGH
F5 BIG-IP APM - apmd Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40061
HIGH
BIG-IP 21.1.0-21.0.0.1 Authenticated Command Injection via iControl REST
May 13, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-40060
HIGH
F5 BIG-IP Advanced WAF/ASM - bd Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39459
HIGH
F5 - iControl REST and Tmsh Vulnerability
May 13, 2026
CVSS 7.2
EPSS 0.00
Products
big-ip_access_policy_manager 628
big-ip_application_security_manager 581
big-ip_advanced_firewall_manager 552
big-ip_local_traffic_manager 541
big-ip_policy_enforcement_manager 533
big-ip_link_controller 525
big-ip_application_acceleration_manager 524
big-ip_analytics 511
big-ip_global_traffic_manager 490
big-ip_domain_name_system 469
big-ip_fraud_protection_service 405
big-ip_webaccelerator 297
big-ip_edge_gateway 293
big-ip_advanced_web_application_firewall 195
big-ip_websafe 175
big-ip_ddos_hybrid_defender 166
big-ip_ssl_orchestrator 147
big-ip_carrier-grade_nat 109
big-ip_application_visibility_and_reporting 108
big-ip_container_ingress_services 86
big-ip_automation_toolchain 85
big-iq_centralized_management 85
big-ip_protocol_security_module 61
BIG-IP 46
nginx 42
njs 40
enterprise_manager 39
big-ip_wan_optimization_manager 38
traffix_signaling_delivery_controller 31
ssl_orchestrator 27
Quick Filters