High Threat Security Alert (A26-02-11): Multiple Vulnerabilities in F5 Products


 

Published on: 09 February 2026

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 Products. The details about the vulnerabilities can be found at the following websites:
https://my.f5.com/manage/s/article/K000135178
https://my.f5.com/manage/s/article/K000135921
https://my.f5.com/manage/s/article/K000137090
https://my.f5.com/manage/s/article/K000137093
https://my.f5.com/manage/s/article/K000138219
https://my.f5.com/manage/s/article/K000138650
https://my.f5.com/manage/s/article/K000138827
https://my.f5.com/manage/s/article/K000139641
https://my.f5.com/manage/s/article/K000139700
https://my.f5.com/manage/s/article/K000139901
https://my.f5.com/manage/s/article/K000148252
https://my.f5.com/manage/s/article/K000148259
https://my.f5.com/manage/s/article/K000148713
https://my.f5.com/manage/s/article/K000159887
https://my.f5.com/manage/s/article/K000159900
https://my.f5.com/manage/s/article/K00409335
https://my.f5.com/manage/s/article/K04107324
https://my.f5.com/manage/s/article/K04337834
https://my.f5.com/manage/s/article/K04367730
https://my.f5.com/manage/s/article/K05975972
https://my.f5.com/manage/s/article/K08827426
https://my.f5.com/manage/s/article/K08832573
https://my.f5.com/manage/s/article/K10224912
https://my.f5.com/manage/s/article/K11315080
https://my.f5.com/manage/s/article/K11542555
https://my.f5.com/manage/s/article/K12252011
https://my.f5.com/manage/s/article/K21350967
https://my.f5.com/manage/s/article/K21548854
https://my.f5.com/manage/s/article/K24624116
https://my.f5.com/manage/s/article/K31085564
https://my.f5.com/manage/s/article/K32380005
https://my.f5.com/manage/s/article/K34120074
https://my.f5.com/manage/s/article/K38271531
https://my.f5.com/manage/s/article/K38481791
https://my.f5.com/manage/s/article/K40508224
https://my.f5.com/manage/s/article/K42531048
https://my.f5.com/manage/s/article/K42910051
https://my.f5.com/manage/s/article/K44454157
https://my.f5.com/manage/s/article/K46641512
https://my.f5.com/manage/s/article/K48050136
https://my.f5.com/manage/s/article/K58243048
https://my.f5.com/manage/s/article/K67830124
https://my.f5.com/manage/s/article/K80311892
https://my.f5.com/manage/s/article/K83102920
https://my.f5.com/manage/s/article/K90011301
https://my.f5.com/manage/s/article/K92451315

Reports indicated that proof-of-concept (PoC) exploit code is available for multiple vulnerabilities (CVE-2018-25032, CVE-2019-6110, CVE-2019-6111, CVE-2023-46218, and CVE-2023-51385). System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • APM Clients version 7.2.5
  • BIG-IP (all modules) versions 11.5.2 - 11.6.5
  • BIG-IP (all modules) versions 12.1.0 - 12.1.6
  • BIG-IP (all modules) versions 13.1.0 - 13.1.5
  • BIG-IP (all modules) versions 14.0.0 - 14.1.5
  • BIG-IP (all modules) versions 15.0.0 - 15.1.10
  • BIG-IP (all modules) versions 16.0.0 - 16.1.6
  • BIG-IP (all modules) versions 17.0.0 - 17.1.3
  • BIG-IP (all modules) versions 17.5.0 - 17.5.1
  • BIG-IP (all modules) versions 21.0.0
  • BIG-IP Next (LTM, WAF) versions 20.0.1 - 20.3.0
  • BIG-IP Next (all modules) versions 20.0.1 - 20.0.2
  • BIG-IP Next CNF versions 1.1.0 - 1.4.1
  • BIG-IP Next CNF versions 2.0.0 - 2.2.0
  • BIG-IP Next Central Manager versions 20.0.1 - 20.0.2
  • BIG-IP Next SPK versions 1.5.0 - 1.9.2
  • BIG-IP Next SPK versions 2.0.0 - 2.0.2
  • BIG-IP Next for Kubernetes versions 2.0.0 - 2.2.0
  • BIG-IQ Centralized Management versions 5.0.0 - 5.4.0
  • BIG-IQ Centralized Management versions 6.0.0 - 6.1.0
  • BIG-IQ Centralized Management versions 7.0.0 - 7.1.0
  • BIG-IQ Centralized Management versions 8.0.0 - 8.4.1
  • Enterprise Manager versions 3.1.1
  • F5 iWorkflow versions 2.3.0
  • F5OS versions 1.0.0 - 1.2.2
  • F5OS-A versions 1.0.0 - 1.8.3
  • F5OS-C versions 1.0.0 - 1.8.2
  • Traffix SDC versions 4.4.0
  • Traffix SDC versions 5.0.0 - 5.2.0

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.

 

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

 

More Information:

  • https://my.f5.com/manage/s/article/K000135178
  • https://my.f5.com/manage/s/article/K000135921
  • https://my.f5.com/manage/s/article/K000137090
  • https://my.f5.com/manage/s/article/K000137093
  • https://my.f5.com/manage/s/article/K000138219
  • https://my.f5.com/manage/s/article/K000138650
  • https://my.f5.com/manage/s/article/K000138827
  • https://my.f5.com/manage/s/article/K000139641
  • https://my.f5.com/manage/s/article/K000139700
  • https://my.f5.com/manage/s/article/K000139901
  • https://my.f5.com/manage/s/article/K000148252
  • https://my.f5.com/manage/s/article/K000148259
  • https://my.f5.com/manage/s/article/K000148713
  • https://my.f5.com/manage/s/article/K000159887
  • https://my.f5.com/manage/s/article/K000159900
  • https://my.f5.com/manage/s/article/K00409335
  • https://my.f5.com/manage/s/article/K04107324
  • https://my.f5.com/manage/s/article/K04337834
  • https://my.f5.com/manage/s/article/K04367730
  • https://my.f5.com/manage/s/article/K05975972
  • https://my.f5.com/manage/s/article/K08827426
  • https://my.f5.com/manage/s/article/K08832573
  • https://my.f5.com/manage/s/article/K10224912
  • https://my.f5.com/manage/s/article/K11315080
  • https://my.f5.com/manage/s/article/K11542555
  • https://my.f5.com/manage/s/article/K12252011
  • https://my.f5.com/manage/s/article/K21350967
  • https://my.f5.com/manage/s/article/K21548854
  • https://my.f5.com/manage/s/article/K24624116
  • https://my.f5.com/manage/s/article/K31085564
  • https://my.f5.com/manage/s/article/K32380005
  • https://my.f5.com/manage/s/article/K34120074
  • https://my.f5.com/manage/s/article/K38271531
  • https://my.f5.com/manage/s/article/K38481791
  • https://my.f5.com/manage/s/article/K40508224
  • https://my.f5.com/manage/s/article/K42531048
  • https://my.f5.com/manage/s/article/K42910051
  • https://my.f5.com/manage/s/article/K44454157
  • https://my.f5.com/manage/s/article/K46641512
  • https://my.f5.com/manage/s/article/K48050136
  • https://my.f5.com/manage/s/article/K58243048
  • https://my.f5.com/manage/s/article/K67830124
  • https://my.f5.com/manage/s/article/K80311892
  • https://my.f5.com/manage/s/article/K83102920
  • https://my.f5.com/manage/s/article/K90011301
  • https://my.f5.com/manage/s/article/K92451315
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349 (to CVE-2016-10350)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10661
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115 (to CVE-2018-12116)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121 (to CVE-2018-12123)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18397
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856 (to CVE-2019-3858)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862 (to CVE-2019-3863)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109 (to CVE-2019-6111)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10208
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18282
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1720
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5923
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25217
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26340
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43750
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24329
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58187
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20732
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22548


Tag: F5 , APM Clients , BIG-IP , BIG-IQ , F5 EM , F5 iWorkflow , F5OS-A , F5OS-C , Traffix SDC
Tags