Tag

Big-Ip

9 briefs RSS

Multiple Vulnerabilities in F5 BIG-IP Products

Multiple vulnerabilities in F5 BIG-IP products could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security measures, manipulate or disclose data, or cause a denial-of-service condition.

BIG-IP f5 vulnerability privilege-escalation execution defense-evasion impact discovery credential-access

3r 5t May 15, 2026

high advisory

CVE-2026-42406 - F5 BIG-IP and BIG-IQ Authenticated Remote Code Execution

2 rules 2 TTPs 1 CVE

CVE-2026-42406 allows a highly privileged, authenticated attacker with the Certificate Manager role to modify configuration objects in F5 BIG-IP and BIG-IQ systems, leading to arbitrary command execution.

BIG-IP +1 cve cve-2026-42406 f5 big-iq rce authenticated privilege escalation

2r 2t 1c May 13, 2026

high advisory

CVE-2026-41957: F5 BIG-IP and BIG-IQ Authenticated Remote Code Execution Vulnerability

2 rules 1 TTP 1 CVE

An authenticated remote code execution vulnerability (CVE-2026-41957) exists in the F5 BIG-IP and BIG-IQ Configuration utility, potentially leading to arbitrary code execution on affected systems.

BIG-IP +1 cve-2026-41957 rce f5 big-iq authenticated deserialization

2r 1t 1c May 13, 2026

high advisory

BIG-IP Privilege Escalation via Configuration Modification (CVE-2026-41953)

2 rules 1 TTP 1 CVE

CVE-2026-41953 describes a privilege escalation vulnerability in F5 BIG-IP systems where a highly privileged, authenticated attacker with the Resource Administrator role can modify configuration objects, leading to elevated privileges within the system.

BIG-IP privilege-escalation f5

2r 1t 1c May 13, 2026

high advisory

BIG-IP PEM iRules Traffic Management Microkernel (TMM) Termination

1 rule 1 TTP 1 CVE

CVE-2026-41218 describes a vulnerability in F5 BIG-IP PEM iRules where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, leading to a denial-of-service condition.

BIG-IP PEM iRules cve dos f5 big-ip

1r 1t 1c May 13, 2026

medium advisory

BIG-IP VE TMM Termination Vulnerability (CVE-2026-40618)

2 rules 1 TTP 1 CVE

CVE-2026-40618 describes a vulnerability in F5 BIG-IP Virtual Edition (VE) where specific traffic can cause the Traffic Management Microkernel (TMM) to terminate when an SSL profile is configured without Intel QuickAssist Technology (QAT) or with crypto.hwacceleration disabled, potentially leading to a denial-of-service.

BIG-IP Virtual Edition cve dos big-ip

2r 1t 1c May 13, 2026

high advisory

CVE-2026-32673 - F5 BIG-IP Scripted Monitor Privilege Escalation

2 rules 1 TTP 1 CVE

CVE-2026-32673 allows an authenticated attacker with Resource Administrator or Administrator roles to execute arbitrary system commands with higher privileges in F5 BIG-IP scripted monitors, potentially crossing a security boundary in appliance mode deployments.

BIG-IP scripted monitors cve-2026-32673 privilege-escalation command-injection big-ip

2r 1t 1c May 13, 2026

critical threat

F5 BIG-IP APM CVE-2025-53521 Reclassified as Actively Exploited Unauthenticated RCE

2 rules 1 TTP 1 CVE

F5 has reclassified CVE-2025-53521, a vulnerability in BIG-IP APM, as a critical unauthenticated remote code execution vulnerability and reports it is being actively exploited in the wild.

exploited f5 big-ip apm cve-2025-53521 rce vulnerability

2r 1t 1c Apr 1, 2026

critical advisory

Multiple Vulnerabilities in F5 BIG-IP and F5OS

2 rules 5 TTPs

Multiple vulnerabilities in F5 BIG-IP and F5OS allow an attacker to bypass security mechanisms, escalate privileges, cause a denial-of-service condition, perform a cross-site scripting attack, and disclose or manipulate information.

f5 big-ip f5os vulnerability

2r 5t Mar 30, 2026