Serial number: AV26-501
Date: May 22, 2026
On May 22, 2026, F5 published a security advisory to address a critical vulnerability in the following products:
- NGINX Plus – multiple versions
- NGINX Open Source – multiple versions
- NGINX Instance Manager – versions 2.17.0 to 2.22.0
- F5 WAF for NGINX – versions 5.9.0 to 5.13.0
- NGINX App Protect WAF – multiple versions
- F5 DoS for NGINX – version 4.9.0
- NGINX App Protect DoS – versions 4.3.0 to 4.7.0
- NGINX Gateway Fabric – multiple versions
- NGINX Ingress Controller – multiple versions
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.