F5 Networks has issued its Quarterly Security Notification, highlighting several vulnerabilities that may severely impact enterprise infrastructures. F5 rates these flaws as “Medium” severity, but the CVSS v4.0 framework scores the most critical issues at 8.2 (High), indicating serious risks for production environments using BIG-IP, NGINX, and similar components.
High-Risk Vulnerabilities Identified:
The advisory highlights three main vulnerabilities affecting BIG-IP Advanced WAF, NGINX Plus, and BIG-IP Container Ingress Services (CIS). Unpatched components can be prime targets for attackers since they manage important routing and load balancing for applications.
The first, CVE-2026-22548, impacts BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM).
Rated 8.2 (High), it could allow remote attackers to bypass security filters or disrupt web application protections. It affects versions 17.1.0 to 17.1.2 and is fixed in version 17.1.3.
The second, CVE-2026-1642, is a significant flaw across the NGINX ecosystem, affecting NGINX Open Source, NGINX Plus, and the NGINX Ingress Controller.
| CVE ID | Component | Severity (CVSS v4.0) | Affected Versions |
|---|---|---|---|
| CVE-2026-22548 | BIG-IP Adv. WAF / ASM | 8.2 (High) | 17.1.0 – 17.1.2 |
| CVE-2026-1642 | NGINX Plus | 8.2 (High) | R32 – R36 P1 |
| CVE-2026-1642 | NGINX Open Source | 8.2 (High) | 1.3.0 – 1.29.4 |
| CVE-2026-1642 | NGINX Ingress Controller | 8.2 (High) | 5.3.0 – 5.3.2 |
| CVE-2026-22549 | BIG-IP Container Ingress | 6.9 (Medium) | 2.0.0 – 2.20.1 |
| CVE-2026-20730 | BIG-IP Edge Client (Win) | 2.0 (Low) | 7.2.5 – 7.2.6.1 |
| CVE-2026-20732 | BIG-IP Config Utility | 2.3 (Low) | 17.1.0 – 17.1.3 |
NGINX Gateway Fabric and Instance Manager also need individual patches based on deployment settings.
F5 also disclosed a configuration issue in BIG-IP SMTP modules (K000156643). Although it is not a software vulnerability, misconfigured email relay settings can lead to information leaks or unauthorized relaying.
Administrators should apply the hardening measures introduced in versions 17.5.1.4 and 21.0.0.1.
1. Inventory assets: identify all in-scope BIG-IP and NGINX instances.
2. Verify versions: cross-check each instance against the affected versions listed above.
3. Apply patches: implement urgently, especially for CVE-2026-22548 and CVE-2026-1642.
4. Harden configurations: review SMTP module settings to close configuration gaps.
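To support the version-verification step, here is an added Python example (not F5's tooling or part of the advisory) that checks a constructed inventory against the inclusive affected ranges in the table above. The hostnames, the product labels used as dictionary keys, and the "R37" entry are constructed for the example; NGINX Plus releases such as "R36 P1" are treated as release 36, patch 1.

```python
import re

# Inclusive affected ranges copied from the advisory table above (product keys are our own labels).
AFFECTED = {
    "bigip-advwaf":     ("CVE-2026-22548", "17.1.0", "17.1.2"),
    "nginx-plus":       ("CVE-2026-1642",  "R32",    "R36 P1"),
    "nginx-oss":        ("CVE-2026-1642",  "1.3.0",  "1.29.4"),
    "nginx-ingress":    ("CVE-2026-1642",  "5.3.0",  "5.3.2"),
    "bigip-cis":        ("CVE-2026-22549", "2.0.0",  "2.20.1"),
    "bigip-edge-win":   ("CVE-2026-20730", "7.2.5",  "7.2.6.1"),
    "bigip-configutil": ("CVE-2026-20732", "17.1.0", "17.1.3"),
}

def parse_version(v: str) -> tuple:
    """Turn '17.1.2', '7.2.6.1' or NGINX Plus 'R36 P1' into a comparable tuple.
    'R36' -> (36, 0), 'R36 P1' -> (36, 1); dotted versions are padded to four
    parts so that '17.1.2' and '17.1.2.0' compare equal (1.29.4 > 1.3.0 holds)."""
    v = v.strip()
    m = re.fullmatch(r"R(\d+)(?:\s*P(\d+))?", v, re.IGNORECASE)
    if m:
        return (int(m.group(1)), int(m.group(2) or 0))
    if not re.fullmatch(r"\d+(?:\.\d+){0,3}", v):
        raise ValueError(f"unrecognised version string: {v!r}")
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (4 - len(parts))

def is_affected(product: str, version: str):
    """Return the CVE id if this version sits inside the affected range, else None."""
    if product not in AFFECTED:
        return None          # product not covered by this advisory
    cve, low, high = AFFECTED[product]
    return cve if parse_version(low) <= parse_version(version) <= parse_version(high) else None

# Constructed sample inventory: hostnames and the 'R37' entry are made up for this example.
INVENTORY = [
    ("waf-edge-01", "bigip-advwaf", "17.1.2"),   # last affected release
    ("waf-edge-02", "bigip-advwaf", "17.1.3"),   # fixed release
    ("lb-plus-01",  "nginx-plus",   "R36 P1"),   # upper bound of the affected range
    ("lb-plus-02",  "nginx-plus",   "R37"),      # assumed later release, outside the range
    ("web-oss-01",  "nginx-oss",    "1.29.4"),
    ("web-oss-02",  "nginx-oss",    "1.30.0"),
]

def triage(inventory):
    """List (host, cve) for every instance that still needs the patch."""
    return [(host, cve) for host, product, ver in inventory if (cve := is_affected(product, ver))]

if __name__ == "__main__":
    for host, cve in triage(INVENTORY):
        print(f"{host}: patch required ({cve})")
```

Feed it your real inventory export in the same (host, product, version) shape; anything it returns is still inside a range the advisory lists as affected.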
Security teams should prioritize these updates to ensure the continued protection of application delivery pipelines and perimeter traffic management systems.
