Security Alert (A26-02-07): Multiple Vulnerabilities in F5 Products


 

Published on: 05 February 2026

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 Products. The details about the vulnerabilities can be found at the following websites:
https://my.f5.com/manage/s/article/K000156643
https://my.f5.com/manage/s/article/K000156644
https://my.f5.com/manage/s/article/K000157960
https://my.f5.com/manage/s/article/K000158072
https://my.f5.com/manage/s/article/K000158931
https://my.f5.com/manage/s/article/K000159824

 

Affected Systems:

  • APM Clients version 7.2.5 - 7.2.6.1
  • BIG-IP (all modules) version 16.0.0 - 16.1.6
  • BIG-IP (all modules) version 17.1.0 - 17.1.3
  • BIG-IP (all modules) version 17.5.0 - 17.5.1
  • BIG-IP APM version 16.1.0 - 16.1.6
  • BIG-IP APM version 17.1.0 - 17.1.3
  • BIG-IP APM version 17.5.0 - 17.5.1
  • BIG-IP APM version 21.0.0
  • BIG-IP Advanced WAF/ASM version 17.1.0 - 17.1.2
  • BIG-IP Container Ingress Services for Kubernetes and OpenShift version 1.0.0 - 1.14.0
  • BIG-IP Container Ingress Services for Kubernetes and OpenShift version 2.0.0 - 2.20.1
  • NGINX Gateway Fabric version 1.2.0 - 1.6.2
  • NGINX Gateway Fabric version 2.0.0 - 2.4.0
  • NGINX Ingress Controller version 3.4.0 - 3.7.1
  • NGINX Ingress Controller version 4.0.0 - 4.0.1
  • NGINX Ingress Controller version 5.3.0 - 5.3.2
  • NGINX Instance Manager version 2.15.1 - 2.21.0
  • NGINX Open Source version 1.3.0 - 1.29.4
  • NGINX Plus version R32 - R36 P1

 

Impact:

Successful exploitation of the vulnerabilities could lead to denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.

 

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

 

More Information:

  • https://my.f5.com/manage/s/article/K000156643
  • https://my.f5.com/manage/s/article/K000156644
  • https://my.f5.com/manage/s/article/K000157960
  • https://my.f5.com/manage/s/article/K000158072
  • https://my.f5.com/manage/s/article/K000158931
  • https://my.f5.com/manage/s/article/K000159824
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20730
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20732
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22548 (to CVE-2026-22549)


Tag: F5 , APM Clients , BIG-IP , NGINX
Tags