Serial number: AV26-704
Date: July 15, 2026
On July 15, 2026, F5 published a security advisory to address vulnerabilities in the following products:
- NGINX Agent – versions 2.37.0 to 2.46.5
- NGINX Instance Manager – versions 2.17.1 to 2.22.1
- NGINX Plus – versions 37.0.0.1 to 37.0.2.1
- NGINX Plus – versions R33 to R36
- NGINX Open Source – multiple versions
- NGINX Instance Manager – versions 2.17.0 to 2.22.1
- F5 WAF for NGINX – versions 5.9.0 to 5.13.3
- NGINX App Protect WAF – versions 5.2.0 to 5.8.0
- NGINX App Protect WAF – versions 4.11.0 to 4.16.0
- NGINX Gateway Fabric – versions 2.0.0 to 2.6.6
- NGINX Gateway Fabric – versions 1.3.0 to 1.6.2
- NGINX Ingress Controller – multiple versions
- BIG-IP Next SPK – multiple versions
- BIG-IP Next CNF – multiple versions
- BIG-IP Next for Kubernetes – versions 2.0.0 to 2.3.1
- BIG-IP (all modules) – multiple versions
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.