| | CVE-2026-32682 | F5 | medium | 6.5 | 0.3%
| | When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with per… | Jun 17, 2026 | Jul 2, 2026 |
| | CVE-2026-50107 | F5 | high | 8.1 | 0.3%
| | When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an in… | Jun 17, 2026 | Jun 18, 2026 |
| | CVE-2026-42530 | F5 | high | 8.1 | 3.3%
| | NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is co… | Jun 17, 2026 | Jul 2, 2026 |
| | CVE-2026-42055 | F5 | high | 8.1 | 3.1%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_g… | Jun 17, 2026 | Jul 9, 2026 |
| | CVE-2026-11311 | F5 | high | 8.1 | 0.6%
| | When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability… | Jun 17, 2026 | Jul 2, 2026 |
| | CVE-2026-5667 | F5 | high | 7.2 | — | | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan … | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-9256 | F5 | high | 8.1 | 4.3%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu… | May 22, 2026 | Jun 30, 2026 |
| | CVE-2026-8711 | F5 | high | 8.1 | 0.1%
| | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least o… | May 19, 2026 | Jun 4, 2026 |
| | CVE-2026-42946 | F5 | medium | 6.5 | 0.8%
| | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result… | May 13, 2026 | Jun 16, 2026 |
| | CVE-2026-41959 | F5 | medium | 6.5 | 0.2%
| | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41956 | F5 | high | 7.5 | 0.3%
| | When a classification profile is configured on a UDP virtual server, undisclosed requests can cause … | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41954 | F5 | medium | 4.9 | 0.3%
| | Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and … | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41953 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at l… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41227 | F5 | high | 7.5 | 0.3%
| | On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result i… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41225 | F5 | critical | 9.1 | 0.3%
| | A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at le… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41219 | F5 | medium | 6.5 | 0.3%
| | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privile… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41218 | F5 | high | 7.5 | 0.3%
| | When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASS… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41217 | F5 | high | 7.9 | 0.1%
| | A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenti… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-40703 | F5 | medium | 5.4 | 0.1%
| | A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuratio… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-40699 | F5 | medium | 6.5 | 0.3%
| | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-pr… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-40698 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40631 | F5 | high | 8.7 | 0.2%
| | An authenticated attacker with the Resource Administrator or Administrator role can modify configura… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40629 | F5 | high | 7.5 | 0.3%
| | When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual serv… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40618 | F5 | high | 7.5 | 0.3%
| | When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel Q… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40462 | F5 | medium | 6.5 | 0.2%
| | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undiscl… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40460 | F5 | medium | 6.5 | 0.4%
| | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may b… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40435 | F5 | medium | 5.3 | 0.2%
| | When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow … | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40423 | F5 | high | 7.5 | 0.3%
| | When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Mana… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40067 | F5 | high | 7.5 | 0.3%
| | When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40061 | F5 | high | 8.7 | 0.2%
| | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TM… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40060 | F5 | high | 7.5 | 0.3%
| | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed req… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-39459 | F5 | high | 7.2 | 0.3%
| | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authent… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-39458 | F5 | high | 7.5 | 0.3%
| | When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traf… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-39455 | F5 | high | 7.5 | 0.3%
| | When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LD… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-35062 | F5 | medium | 6.5 | 0.2%
| | An authenticated iControl SOAP user may be able to obtain information of other accounts.
Note: Sof… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-34176 | F5 | high | 8.7 | 0.7%
| | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-34019 | F5 | medium | 5.3 | 0.3%
| | When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols,… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-32673 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-32643 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-28758 | F5 | medium | 4.4 | 0.1%
| | When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST co… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-24464 | F5 | medium | 6.8 | 0.9%
| | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iContro… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-20916 | F5 | high | 8.1 | 0.4%
| | An authenticated iControl REST user with low privileges can create or modify arbitrary files through… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-42945 | F5 | high | 8.1 | 61.5%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu… | May 13, 2026 | Jul 2, 2026 |
| | CVE-2026-42930 | F5 | high | 8.7 | — | | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be a… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42406 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42058 | F5 | medium | 4.3 | — | | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information … | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42924 | F5 | high | 8.7 | — | | An authenticated attacker with the Resource Administrator or Administrator role can create SNMP conf… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42919 | F5 | medium | 6.7 | — | | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrativ… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-41957 | F5 | high | 8.8 | — | | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-I… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-34734 | F5 | high | 7.8 | 0.2%
| | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the … | Apr 9, 2026 | Jun 30, 2026 |