These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules of NGINX that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker who can control responses from the upstream server (a man-in-the-middle position on the connection between NGINX and the SCGI or uwsgi backend) may be able to read memory of the NGINX worker process or cause the worker to restart. The summary gives no CVE identifier or fixed version. Exposure is confined to configurations that actually use scgi_pass or uwsgi_pass, and the attacker's prerequisite is a position between NGINX and the backend rather than any access to NGINX itself, so backends reached over a network segment an attacker can reach are the ones at risk.
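The scoping question for this issue is which scgi_pass and uwsgi_pass directives send traffic to a backend over a network an attacker could sit on. The script below is an added example, not NGINX project code: it walks an `nginx -T` dump (a constructed sample is embedded), records every scgi_pass and uwsgi_pass directive with its enclosing blocks, resolves named upstream pools, and flags the directives whose backend is reached over TCP. Treating unix: sockets and loopback addresses as "not on the wire" is the example's own assumption; those backends cannot be intercepted between hosts, though a local attacker could still reach them.

```python
"""Find scgi_pass / uwsgi_pass directives in an `nginx -T` dump and report
which of them send requests to a backend over the network, where an attacker
positioned between NGINX and the backend could control the upstream response.

Added example for the NGINX summary above; not NGINX project code. The
configuration text below is constructed for illustration. Treating unix:
sockets and loopback addresses as "not on the wire" is this example's own
assumption: such backends cannot be intercepted between hosts, although a
local attacker could still reach them.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Constructed sample in the layout `nginx -T` prints (not from a real system).
SAMPLE_CONFIG = """\
# configuration file /etc/nginx/nginx.conf:
http {
    upstream app_pool {
        server 10.0.3.15:9000;          # reached over TCP
    }
    server {
        listen 443 ssl;
        server_name app.example.test;
        location /api/ {
            uwsgi_pass app_pool;
        }
        location /legacy/ {
            scgi_pass unix:/run/scgi.sock;
        }
        location /static/ {
            root /srv/static;
        }
    }
    server {
        listen 8080;
        location / {
            proxy_pass http://127.0.0.1:3000;   # not SCGI/uwsgi, ignored
        }
    }
}
"""

_DIRECTIVE = re.compile(r"^(scgi_pass|uwsgi_pass)\s+(\S+?)\s*;")
_LOCAL_PREFIXES = ("unix:", "127.", "localhost", "[::1]")


@dataclass
class PassDirective:
    directive: str   # "scgi_pass" or "uwsgi_pass"
    target: str      # backend as written in the config
    context: str     # enclosing blocks, e.g. "http > server > location /api/"
    network: bool    # True when the backend is reached over the network


def _is_local(addr: str) -> bool:
    return addr.startswith(_LOCAL_PREFIXES)


def find_pass_directives(config: str) -> list[PassDirective]:
    """Walk the dump once, tracking block nesting and upstream pools."""
    upstreams: dict[str, list[str]] = {}
    stack: list[str] = []
    pool = None
    hits: list[tuple[str, str, str]] = []

    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        if line.endswith("{"):
            header = line[:-1].strip()
            stack.append(header)
            if header.startswith("upstream "):
                pool = header.split()[1]
                upstreams.setdefault(pool, [])
            continue
        if line == "}":
            if stack.pop().startswith("upstream "):
                pool = None
            continue
        if pool is not None and line.startswith("server "):
            upstreams[pool].append(line.split()[1].rstrip(";"))
            continue
        m = _DIRECTIVE.match(line)
        if m:
            hits.append((m.group(1), m.group(2), " > ".join(stack)))

    result = []
    for directive, target, context in hits:
        if target in upstreams:   # named pool: exposed if any member is remote
            on_wire = any(not _is_local(s) for s in upstreams[target])
        else:
            on_wire = not _is_local(target)
        result.append(PassDirective(directive, target, context, on_wire))
    return result


def exposed(config: str) -> list[PassDirective]:
    """Only the directives whose backend connection crosses the network."""
    return [d for d in find_pass_directives(config) if d.network]


if __name__ == "__main__":
    # Real use: `nginx -T 2>/dev/null | python3 this_script.py`
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CONFIG
    for d in find_pass_directives(text):
        flag = "NETWORK" if d.network else "local"
        print(f"{flag:7} {d.directive} {d.target}  [{d.context}]")
```

Run it against the real dump rather than the sample; directives reported as NETWORK are the ones where the man-in-the-middle prerequisite is realistic, and the context column tells you which virtual host and location to patch or re-route first.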
CVE-2026-42406 is a high-severity vulnerability in F5 BIG-IP and BIG-IQ systems. A highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects to run arbitrary commands. This issue affects multiple F5 products across various versions. The CVSS score is 8.5, indicating a high level of severity.
CVE-2026-41959 is a HIGH-severity vulnerability affecting F5 BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and BIG-IP iControl REST. An authenticated attacker may exploit this vulnerability to view the network status of destination systems. The vulnerability has a CVSS score of 7.1 and was published on May 13, 2026. Multiple versions of BIG-IP and BIG-IQ are affected, including those th [truncated]
CVE-2026-41957 is an authenticated remote code execution vulnerability in the BIG-IP and BIG-IQ Configuration utility, rated CVSS 8.7 (HIGH) and affecting a wide range of products. It was made public on May 13, 2026, and last modified on June 23, 2026. Because the Configuration utility is a management interface, defenders should assess exposure in terms of which networks and which accounts can reach it. The priority posture for defenders is to review and apply mitigations, especially given the hi [truncated]
CVE-2026-41956 is a high-severity vulnerability in F5 BIG-IP Traffic Management Microkernel. When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects multiple F5 BIG-IP products and versions. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.7, indicating a hi [truncated]
CVE-2026-41954 is a sensitive information disclosure vulnerability in an undisclosed iControl REST endpoint and TMOS Shell (tmsh) command in F5 products. An authenticated attacker holding the Resource Administrator role may be able to view sensitive information. The vulnerability has a CVSS score of 6.9 and a severity of MEDIUM. F5 has provided mitigation guidance in article K32950402.
CVE-2026-41953 is a high-severity vulnerability in BIG-IP systems that allows a highly privileged, authenticated attacker to modify configuration objects, resulting in privilege escalation. The vulnerability has a CVSS score of 8.5 and is considered HIGH. F5 has provided mitigation guidance for this issue. Software versions that have reached End of Technical Support (EoTS) are not evaluated. The CVE was p [truncated]
CVE-2026-41227 is a vulnerability in F5 BIG-IP Advanced Web Application Firewall that can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate. This issue affects multiple F5 products, including BIG-IP Advanced Web Application Firewall, BIG-IP Application Security Manager, and BIG-IP DDoS Hybrid Defender. The vulnerability has a CVSS score of 8. [truncated]
CVE-2026-41225 is a vulnerability in F5 iControl REST that allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects that enable running arbitrary commands. This issue affects multiple F5 products across various versions. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. F5 has provided mitigation guidance for this issue.
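Four of the summaries above (CVE-2026-42406, CVE-2026-41954, CVE-2026-41953 and CVE-2026-41225) share a prerequisite: an authenticated account holding a specific privileged role, such as Certificate Manager, Resource Administrator or Manager. The most direct compensating control while mitigations are applied is to know exactly which local accounts hold those roles. The script below is an added example, not F5 code: it parses text in the layout of `tmsh list auth user` (a constructed sample is embedded), lists every privileged role assignment per partition, and separately lists accounts with a bash shell, which already hold command execution. The role spellings used (admin, resource-admin, manager, certificate-manager) are this example's assumption about tmsh's role names; confirm them on your TMOS version.

```python
"""Audit BIG-IP local accounts for the roles the summaries above name as
sufficient to exploit CVE-2026-42406, CVE-2026-41954, CVE-2026-41953 and
CVE-2026-41225 (Certificate Manager, Resource Administrator, Manager, and
the more privileged Administrator role).

Added example; not F5 code. The text below is constructed in the layout of
`tmsh list auth user`, and the role spellings in PRIVILEGED_ROLES are this
example's assumption about tmsh's role names; confirm them on your version.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass, field

# Constructed sample in the layout of `tmsh list auth user` output.
SAMPLE_TMSH_OUTPUT = """\
auth user admin {
    description "Admin User"
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user certbot {
    description "certificate automation"
    partition-access {
        Common {
            role certificate-manager
        }
    }
    shell none
}
auth user ops1 {
    partition-access {
        all-partitions {
            role manager
        }
    }
    shell tmsh
}
auth user viewer {
    partition-access {
        all-partitions {
            role guest
        }
    }
    shell none
}
"""

# Roles the summaries describe as sufficient (assumed tmsh spellings).
PRIVILEGED_ROLES = {"admin", "resource-admin", "manager", "certificate-manager"}

_USER_HEADER = re.compile(r"^auth user (\S+) \{$")


@dataclass
class UserEntry:
    name: str
    roles: dict[str, str] = field(default_factory=dict)   # partition -> role
    shell: str = "none"


def parse_auth_users(text: str) -> dict[str, UserEntry]:
    """Line-based parse of the brace-delimited tmsh listing."""
    users: dict[str, UserEntry] = {}
    current = None
    partition = None
    depth = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _USER_HEADER.match(line)
        if m:
            current = UserEntry(name=m.group(1))
            users[current.name] = current
            depth, partition = 1, None
            continue
        if current is None:
            continue
        if line.endswith("{"):
            depth += 1
            if depth == 3:                 # block directly under partition-access
                partition = line[:-1].strip()
            continue
        if line == "}":
            depth -= 1
            if depth == 2:
                partition = None
            elif depth == 0:
                current = None
            continue
        key, _, value = line.partition(" ")
        if key == "role" and partition is not None:
            current.roles[partition] = value
        elif key == "shell":
            current.shell = value
    return users


def privileged_assignments(users: dict[str, UserEntry]) -> list[tuple[str, str, str]]:
    """(user, partition, role) for every assignment of a privileged role."""
    return [(u.name, part, role)
            for u in users.values()
            for part, role in u.roles.items()
            if role in PRIVILEGED_ROLES]


def bash_shell_users(users: dict[str, UserEntry]) -> list[str]:
    """Accounts with a bash shell already hold command execution on the box."""
    return [u.name for u in users.values() if u.shell == "bash"]


if __name__ == "__main__":
    # Real use: `tmsh list auth user | python3 this_script.py`
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TMSH_OUTPUT
    parsed = parse_auth_users(text)
    for name, part, role in privileged_assignments(parsed):
        print(f"{name}: {role} on {part}")
    print("bash shell:", ", ".join(bash_shell_users(parsed)) or "none")
```

Every name this prints is an account whose compromise turns one of these CVEs into command execution on the device; remote authentication sources (LDAP, RADIUS, TACACS+ role mappings) are not covered by this listing and need a separate review.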
A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. This vulnerability, tracked as CVE-2026-40703, has a CVSS score of 5.3 and is considered medium severity. The vulnerability affects various versions of BIG-IP products, including BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, and others. Software versions that have reached End of [truncated]
CVE-2026-40699 is a high-severity vulnerability in F5 BIG-IP Access Policy Manager. A low-privileged authenticated attacker may access undisclosed sensitive information. The vulnerability has a CVSS score of 7.1 and is considered HIGH. F5 has provided mitigation guidance. Software versions that have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-53521 is a known-exploited F5 BIG-IP stack-based buffer overflow vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2026-03-27 with a remediation due date of 2026-03-30, a three-day window. Based on the supplied official sources, the safest assumption is that affected BIG-IP deployments should be treated as urgent priority, especially if internet-facing. Follow F5’s mitigation guidance, [truncated]
CVE-2023-46748 is a SQL injection vulnerability in the F5 BIG-IP Configuration Utility that CISA added to its Known Exploited Vulnerabilities catalog on 2023-10-31. Because CISA lists it as actively exploited, affected environments should be treated as urgent remediation items. The supplied official sources confirm the KEV status and the vendor product name, but do not provide affected versions or CVSS da [truncated]
CVE-2023-46747 affects the F5 BIG-IP Configuration Utility and is described as an authentication bypass vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-10-31, and the KEV record notes known ransomware campaign use. Because the source corpus identifies this as a known exploited issue, defenders should treat it as urgent and follow vendor guidance immediately; if mitigati [truncated]
CVE-2022-1388 affects F5 BIG-IP and is described as a missing authentication vulnerability. CISA lists it in the Known Exploited Vulnerabilities catalog, which indicates confirmed exploitation and makes it a high-priority remediation item. CISA also records known ransomware campaign use. The defensive takeaway is straightforward: treat this as urgent, apply vendor updates per F5 guidance, and prioritize a [truncated]
CVE-2021-22991 is a buffer overflow affecting F5 BIG-IP Traffic Management Microkernel. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-01-18, which means it should be treated as a high-priority remediation item. The corpus provided here does not include affected versions, exploit mechanics, or vendor advisory details, so the safest defensive response is to follow F5 remediation guida [truncated]
CVE-2021-22986 is a high-priority F5 vulnerability affecting BIG-IP and BIG-IQ Centralized Management. The issue is described as an iControl REST remote code execution vulnerability and was added to CISA’s Known Exploited Vulnerabilities catalog on 2021-11-03. CISA also marks it as associated with known ransomware campaign use, which raises the urgency for remediation. For defenders, this is a “patch now” [truncated]
CVE-2020-5902 is an F5 BIG-IP Traffic Management User Interface (TMUI) remote code execution issue. CISA added it to the Known Exploited Vulnerabilities catalog on 2021-11-03, marked it as having known ransomware campaign use, and set the remediation expectation to apply updates per vendor instructions.
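The seven KEV summaries above (CVE-2025-53521 through CVE-2020-5902) all reduce to the same two prioritisation signals: whether CISA records known ransomware campaign use, and how close or far past the CISA due date the entry is. The script below is an added example, not CISA or F5 code, that turns those signals into an ordered remediation list. KEV_EXCERPT is constructed in the field layout of the KEV JSON feed and carries only the facts the summaries state: blank dueDate or dateAdded values and "Unknown" ransomware flags are placeholders where a summary says nothing, not catalog data. The three-tier rule and the 7-day "due soon" window are this example's own choices.

```python
"""Rank the F5 entries from CISA's Known Exploited Vulnerabilities (KEV)
catalog for remediation, using the two signals the summaries above cite:
known ransomware campaign use and the CISA remediation due date.

Added example; not CISA or F5 code. KEV_EXCERPT is constructed in the field
layout of the KEV JSON feed and carries only the facts the summaries state;
blank "dueDate"/"dateAdded" values and "Unknown" ransomware flags are
placeholders where the summaries say nothing, not data from the catalog.
The tiering rule and the 7-day "due soon" window are this example's choices.
"""
from __future__ import annotations

import json
from datetime import date, timedelta

# Live feed (not fetched here so the example runs offline):
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
KEV_EXCERPT = json.loads("""{
  "vulnerabilities": [
    {"cveID": "CVE-2025-53521", "vendorProject": "F5", "product": "BIG-IP",
     "dateAdded": "2026-03-27", "dueDate": "2026-03-30", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-46748", "vendorProject": "F5", "product": "BIG-IP Configuration Utility",
     "dateAdded": "2023-10-31", "dueDate": "", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-46747", "vendorProject": "F5", "product": "BIG-IP Configuration Utility",
     "dateAdded": "2023-10-31", "dueDate": "", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2022-1388", "vendorProject": "F5", "product": "BIG-IP",
     "dateAdded": "", "dueDate": "", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2021-22991", "vendorProject": "F5", "product": "BIG-IP",
     "dateAdded": "2022-01-18", "dueDate": "", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-22986", "vendorProject": "F5", "product": "BIG-IP and BIG-IQ",
     "dateAdded": "2021-11-03", "dueDate": "", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2020-5902", "vendorProject": "F5", "product": "BIG-IP",
     "dateAdded": "2021-11-03", "dueDate": "", "knownRansomwareCampaignUse": "Known"}
  ]
}""")

DUE_SOON = timedelta(days=7)   # example's own threshold for "due soon"


def _parse_date(value: str | None) -> date | None:
    return date.fromisoformat(value) if value else None


def triage(kev: dict, inventory: set[str], today: date) -> list[dict]:
    """Return the KEV entries present in `inventory`, most urgent first.

    Tier 1: known ransomware campaign use.
    Tier 2: CISA due date passed or within DUE_SOON.
    Tier 3: every other KEV entry (still exploited in the wild).
    Within a tier: earlier due dates first, then earlier catalog additions;
    missing dates sort last.
    """
    rows: list[dict] = []
    for entry in kev["vulnerabilities"]:
        cve = entry["cveID"]
        if cve not in inventory:
            continue
        due = _parse_date(entry.get("dueDate"))
        added = _parse_date(entry.get("dateAdded"))
        if entry.get("knownRansomwareCampaignUse") == "Known":
            tier, reason = 1, "known ransomware campaign use"
        elif due is not None and due < today:
            tier, reason = 2, f"CISA due date {due.isoformat()} has passed"
        elif due is not None and due - today <= DUE_SOON:
            tier, reason = 2, f"CISA due date {due.isoformat()} is within {DUE_SOON.days} days"
        else:
            tier, reason = 3, "listed in KEV"
        rows.append({"cve": cve, "product": entry.get("product", ""),
                     "tier": tier, "reason": reason, "due": due, "added": added})
    rows.sort(key=lambda r: (r["tier"], r["due"] or date.max, r["added"] or date.max))
    return rows


if __name__ == "__main__":
    # Constructed inventory: the CVE IDs a scanner reported for your BIG-IP estate.
    inventory = {e["cveID"] for e in KEV_EXCERPT["vulnerabilities"]}
    for r in triage(KEV_EXCERPT, inventory, date.today()):
        print(f"tier {r['tier']}  {r['cve']:<15} {r['product']:<30} {r['reason']}")
```

In practice, replace KEV_EXCERPT with the downloaded feed and the inventory set with scanner output; the catalog's dateAdded and dueDate fields are always populated there, so the blank-date handling only matters for this excerpt.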
CVE-2016-6249 is an information disclosure issue in F5 BIG-IP. When certain REST authentication requests time out, sensitive attributes such as passwords may be written in plaintext to /var/log/restjavad.0.log. A local user with access to the appliance can then read the log file and recover that data. The NVD assigns a medium-severity score and maps the weakness to CWE-200.
CVE-2016-9244, commonly referred to as Ticketbleed, is a confidentiality issue in F5 BIG-IP when a virtual server uses a Client SSL profile with the non-default Session Tickets option enabled. A remote attacker can cause up to 31 bytes of uninitialized memory to be returned, which may expose SSL session IDs from other sessions and possibly additional data. NVD rates the issue CVSS 7.5 HIGH. Because the option is off by default, exposure is limited to Client SSL profiles on which it was deliberately enabled, so inventorying those profiles is the quickest way to scope the issue.
CVE-2016-9249 is a denial-of-service issue affecting F5 BIG-IP deployments with TCP Fast Open enabled on a virtual server. According to the official NVD description, an undisclosed traffic pattern can cause the Traffic Management Microkernel (TMM) to restart, interrupting traffic handling and availability. The CVE was published on 2017-01-31 and is rated HIGH in the supplied corpus.