F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems
Stay updated on F5 security insights: Explore the latest in application delivery controls, threat intelligence, and cyber defense with F5 tag news.
Search across headline titles and summaries.
Background for this topic.
F5 provides application-delivery technology, best known in security operations for BIG-IP appliances and software that load-balance traffic, terminate TLS, route requests, and can enforce web-application firewall, access-control, and denial-of-service protections. F5’s NGINX products are also used as reverse proxies and web servers. These components sit in front of applications, mediating internet traffic and trust boundaries.
Their privileged position makes exposed management interfaces, insecure configurations, leaked certificates or keys, and unpatched vulnerabilities especially significant: compromise can enable traffic interception, authentication bypass, request manipulation, or access to protected applications, depending on deployment. Security teams should inventory BIG-IP and NGINX instances and versions, restrict management planes, apply vendor fixes, review iRules, WAF, and access policies, and monitor administrative and anomalous proxy activity. During incidents, preserve configuration and traffic logs and assess whether TLS credentials or backend routes were exposed.
Weekly headline count for the current query.
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems
F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect HTTP modules and can be exploited remotely without authentication to trigger memory corruption, potentially causing […]
Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. [...]
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerberos relay and lateral movement, and how Microsoft Defender detected, blocked, and unraveled the attack. The post From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence appeared first on Microsoft Security Blog.
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. [...]
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.
F5 Revises Severity of Flaw Disclosed Last YearFlaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under fire: a vulnerability in F5 BIG-IP Access Policy Manager can facilitate remote code execution, and a "memory overread" flaw in NetScaler Application Delivery Controller.
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
Conduent Gets Sued; US Government's Cyber Shutdown Woes; Hacktivist Hits RiseThe latest ISMG Editors' Panel tackles: post-hack legal fallout for Conduent after it suffered the year's biggest health data breach, the U.S. government's shutdown complicating its response to the breach of vendor F5 and the rise in attacks targeting Western critical national infrastructure.
Officials Say Major Staffing Cuts and Furloughs Undercut Response to F5 CyberattackCurrent and former federal officials tell Information Security Media Group furloughs and leadership gaps across the federal cyber ecosystem have hindered the U.S. government's ability to coordinate response efforts after a nation-state actor exploited flaws in F5’s BIG-IP systems amid the shutdown.
Also: F5 Revenue Dips, Swedish Utility Operator BreachedThis week, critical infrastructure breaches in Canada, a Swedish grid operator breached, an Australian guilty of selling cyber exploits, Gmail wasn't breached, F5 projected a revenue dip, PhantomRaven targeted developers, a Pakistan-linked actor targeted India and Dentsu confirmed a data breach.
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior
It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect
Concerns Grow Over F5 Hacking Amid Stalled Government ShutdownFederal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.
Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week. [...]
F5 has admitted a nation state actor has stolen source code and information on undisclosed vulnerabilities
Federal Agencies Ordered to Patch or Decommission F5 Devices Amid Imminent RiskAn advanced nation-state threat actor stole sensitive F5 source code and vulnerability data to craft tailored exploits, prompting an emergency directive amid a U.S. government shutdown that has left cyber defenses strained and federal networks at "imminent risk."