
F5 BIG-IP: Quarterly Security Update Closes Multiple Vulnerabilities


The network equipment manufacturer F5 has published important security updates for various BIG-IP products.

Due to multiple security vulnerabilities, enterprise networks using F5 products are at risk. The company has now released its quarterly security update. To date, there are no indications of attacks in the wild.

Because attackers who successfully compromise BIG-IP can often reach otherwise protected areas of a network, administrators should apply the patches promptly.

If this is not done, attackers can target BIG-IP (all modules) and BIG-IQ Centralized Management with code execution attacks (CVE-2026-41957 [1], "high"). However, attackers must already be authenticated. The developers state they have closed the vulnerability in versions 17.1.3.1, 17.5.1.4 and 21.0.0.

However, third-party software such as NGINX Plus and NGINX Open Source is also affected. Here, attackers can execute malicious code without authentication via crafted HTTP requests (CVE-2026-42945 [2], "critical").

Additionally, there are security updates for various other BIG-IP components and iControl REST. These areas can experience SSL errors and DoS conditions, among other issues. The latter attack leads to crashes, which in the context of networks can cause far-reaching disruptions. For example, instances critical for business operations may become unavailable. Furthermore, attackers can bypass restrictions or obtain higher user privileges to spread further.

Because the list of available security updates would exceed the scope of this report, administrators must review the advisories in the security section of the F5 website [3] and search for the security updates relevant to their environment.

(des [5])


URL of this article:
https://www.heise.de/-11294929

Links in this article:

  1. https://my.f5.com/manage/s/article/K000156761
  2. https://my.f5.com/manage/s/article/K000158029
  3. https://my.f5.com/manage/s/article/K000160932
  4. heise security PRO
  5. mailto:des@heise.de
