F5

182 CVEs tracked in the last 90 days

182 Total CVEs

16 Critical

81 High

80 Medium

5 Low

Severity Distribution

Critical 16 (8.8%)

High 81 (44.5%)

Medium 80 (44.0%)

Low 5 (2.7%)

Top Affected Products

f5 big-ip access policy manager 97

f5 big-ip application security manager 88

f5 big-ip advanced firewall manager 78

f5 big-ip application acceleration manager 76

f5 big-ip local traffic manager 73

f5 big-ip analytics 69

f5 big-ip link controller 68

f5 big-ip policy enforcement manager 60

CVSS Score Distribution

Latest CVEs

CVE ID	Severity	CVSS	Description	Published	Modified
CVE-2026-42945	high	8.1	NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu…	May 13, 2026	May 14, 2026
CVE-2026-42930	high	8.7	When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be a…	May 13, 2026	May 14, 2026
CVE-2026-42406	high	8.7	A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke…	May 13, 2026	May 14, 2026
CVE-2026-42058	medium	4.3	An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information …	May 13, 2026	May 14, 2026
CVE-2026-32643	high	8.7	A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke…	May 13, 2026	May 14, 2026
CVE-2026-32673	medium	6.5	A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the…	May 13, 2026	May 14, 2026
CVE-2026-34176	high	8.7	When running in Appliance mode, an authenticated remote command injection vulnerability exists in an…	May 13, 2026	May 14, 2026
CVE-2026-41225	high	7.2	A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at le…	May 13, 2026	May 14, 2026
CVE-2026-39459	high	7.2	A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authent…	May 13, 2026	May 14, 2026
CVE-2026-41953	high	8.7	A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at l…	May 13, 2026	May 14, 2026
CVE-2026-40631	high	8.7	An authenticated attacker with the Resource Administrator or Administrator role can modify configura…	May 13, 2026	May 14, 2026
CVE-2026-40698	high	8.7	A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke…	May 13, 2026	May 14, 2026
CVE-2026-42924	high	8.7	An authenticated attacker with the Resource Administrator or Administrator role can create SNMP conf…	May 13, 2026	May 14, 2026
CVE-2026-40061	medium	6.5	When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TM…	May 13, 2026	May 14, 2026
CVE-2026-42919	medium	6.7	A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrativ…	May 13, 2026	May 14, 2026
CVE-2026-41957	high	8.8	An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-I…	May 13, 2026	May 14, 2026
CVE-2026-32647	high	7.8	NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might…	Mar 24, 2026	Mar 26, 2026
CVE-2026-28755	medium	5.4	NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the…	Mar 24, 2026	Mar 26, 2026
CVE-2026-28753	low	3.7	NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the …	Mar 24, 2026	Mar 26, 2026
CVE-2026-27784	high	7.8	The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module…	Mar 24, 2026	Mar 30, 2026
CVE-2026-27654	high	8.2	NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might a…	Mar 24, 2026	Mar 26, 2026
CVE-2026-27651	high	7.5	When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed…	Mar 24, 2026	Mar 30, 2026
CVE-2026-1776	medium	—	Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulne…	Mar 10, 2026	Mar 11, 2026
CVE-2026-2507	high	7.5	When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note…	Feb 18, 2026	Feb 18, 2026
CVE-2026-22549	medium	4.9	A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions …	Feb 4, 2026	Feb 13, 2026