F5 Products Multiple Vulnerabilities

Last Update Date: 21 May 2026 Release Date: 15 May 2026 6318 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass and elevation of privilege on the targeted system.

[Updated on 2026-05-21]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.

Impact

Denial of Service
Remote Code Execution
Security Restriction Bypass
Elevation of Privilege

System / Technologies affected

BIG-IP (all modules)

version 16.1.0 - 16.1.6
version 17.1.0 - 17.1.3
version 17.5.0 - 17.5.1
version 21.0.0

BIG-IP APM

version 16.1.0 - 16.1.6
version 17.1.0 - 17.1.3
version 17.5.0 - 17.5.1
version 21.0.0

BIG-IP PEM

version 16.1.0 - 16.1.6
version 17.1.0 - 17.1.3
version 17.5.0 - 17.5.1
version 21.0.0

BIG-IP Advanced WAF/ASM

version 16.1.0 - 16.1.6
version 17.1.0 - 17.1.3
version 17.5.0 - 17.5.1
version 21.0.0

BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender

version 16.1.0 - 16.1.6
version 17.1.0 - 17.1.3
version 17.5.0 - 17.5.1

BIG-IQ Centralized Management

version 8.4.0 - 8.4.1

BIG-IP Next CNF

version 1.1.0 - 1.4.1
version 2.0.0 - 2.2.1

BIG-IP Next SPK

version 1.7.0 - 1.9.2
version 2.0.0 - 2.0.3

BIG-IP Next for Kubernetes

version 2.0.0 - 2.1.1

F5 Distributed Cloud (all services)

F5 Silverline (all services)

NGINX One Console

F5OS-A

F5OS-C

NGINX JavaScript (njs)

NGINX (all other products)

Traffix SDC

F5 AI Gateway

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

F5 Products Multiple Vulnerabilities

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link