F5 Big-ip Next Spk
22 CVEs affecting F5 Big-ip Next Spk. Latest disclosed: 2026-05-13. Critical: 0, High: 18.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42409 | High | 7.5 | 2026-05-13 | When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause t… |
CVE-2026-40629 | High | 7.5 | 2026-05-13 | When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Softwa… |
CVE-2026-40618 | High | 7.5 | 2026-05-13 | When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms… |
CVE-2025-61990 | High | 7.5 | 2025-10-15 | When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Softwa… |
CVE-2025-61974 | High | 7.5 | 2025-10-15 | When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software version… |
CVE-2025-58120 | High | 7.5 | 2025-10-15 | When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have rea… |
CVE-2025-46706 | High | 7.5 | 2025-10-15 | When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization… |
CVE-2025-48008 | High | 7.5 | 2025-10-15 | When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's contro… |
CVE-2025-60016 | High | 7.5 | 2025-10-15 | When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that prof… |
CVE-2025-36504 | High | 7.5 | 2025-05-07 | When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: S… |
CVE-2025-41414 | High | 7.5 | 2025-05-07 | When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which h… |
CVE-2025-36557 | High | 7.5 | 2025-05-07 | When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkerne… |
CVE-2025-41399 | High | 7.5 | 2025-05-07 | When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource uti… |
CVE-2025-22846 | High | 7.5 | 2025-02-05 | When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microker… |
CVE-2024-23314 | High | 7.5 | 2024-02-14 | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: S… |
CVE-2023-40534 | High | 7.5 | 2023-10-10 | When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic P… |
CVE-2023-45226 | High | 7.4 | 2023-10-10 | The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with th… |
CVE-2024-23306 | High | 7.1 | 2024-02-14 | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End… |
CVE-2025-54805 | Medium | 6.5 | 2025-10-15 | When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Manage… |
CVE-2025-55670 | Medium | 6.5 | 2025-10-15 | On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM)… |