F5 Big-ip Next For Kubernetes
12 CVEs affecting F5 Big-ip Next For Kubernetes. Latest disclosed: 2026-05-13. Critical: 0, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42409 | High | 7.5 | 2026-05-13 | When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause t… |
CVE-2026-41956 | High | 7.5 | 2026-05-13 | When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Not… |
CVE-2026-40629 | High | 7.5 | 2026-05-13 | When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Softwa… |
CVE-2026-40618 | High | 7.5 | 2026-05-13 | When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms… |
CVE-2025-61990 | High | 7.5 | 2025-10-15 | When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Softwa… |
CVE-2025-58071 | High | 7.5 | 2025-10-15 | When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions wh… |
CVE-2025-61974 | High | 7.5 | 2025-10-15 | When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software version… |
CVE-2025-58120 | High | 7.5 | 2025-10-15 | When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have rea… |
CVE-2025-54479 | High | 7.5 | 2025-10-15 | When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microk… |
CVE-2025-54805 | Medium | 6.5 | 2025-10-15 | When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Manage… |
CVE-2025-55670 | Medium | 6.5 | 2025-10-15 | On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM)… |
CVE-2025-54500 | Medium | 5.3 | 2025-08-13 | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HT… |