F5 BIG-IP: Quarterly security update closes numerous vulnerabilities

The network equipment supplier F5 has released important security updates for various BIG-IP products, among other products.

Due to several security vulnerabilities, corporate networks using F5 products are vulnerable. The company has now released its quarterly security update. So far, there are no indications of attacks.

Because a successful attack on BIG-IP often gives attackers access to otherwise protected areas of a network, administrators should patch promptly.

If this is not done, attackers can, among other things, launch malware attacks against BIG-IP (all modules) and BIG-IQ Centralized Management (CVE-2026-41957, severity "high"). However, attackers must already be authenticated for this. The developers state that they have closed the vulnerability in versions 17.1.3.1, 17.5.1.4, and 21.0.0.

Third-party software such as NGINX Plus and NGINX Open Source is also affected. Here, attackers can execute malware without authentication via crafted HTTP requests (CVE-2026-42945, severity "critical").

There are also security updates for other BIG-IP components and iControl REST, among others. In these components, SSL errors and DoS conditions can occur, among other things. DoS attacks lead to crashes, which can cause far-reaching disruptions in a network. For example, instances important for business operations may become unreachable. In addition, attackers can bypass restrictions or gain higher user privileges to spread further.

As the list of available security updates is too extensive for this report, administrators must study the security advisories in the security section of the F5 website and look for the security updates relevant to them.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.