F5 security advisory (AV26-704)

Serial number: AV26-704
Date: July 15, 2026

On July 15, 2026, F5 published a security advisory to address vulnerabilities in the following products:

  • NGINX Agent – versions 2.37.0 to 2.46.5
  • NGINX Instance Manager – versions 2.17.1 to 2.22.1
  • NGINX Plus – versions 37.0.0.1 to 37.0.2.1
  • NGINX Plus – versions R33 to R36
  • NGINX Open Source – multiple versions
  • NGINX Instance Manager – versions 2.17.0 to 2.22.1
  • F5 WAF for NGINX – versions 5.9.0 to 5.13.3
  • NGINX App Protect WAF – versions 5.2.0 to 5.8.0
  • NGINX App Protect WAF – versions 4.11.0 to 4.16.0
  • NGINX Gateway Fabric – versions 2.0.0 to 2.6.6
  • NGINX Gateway Fabric – versions 1.3.0 to 1.6.2
  • NGINX Ingress Controller – multiple versions
  • BIG-IP Next SPK – multiple versions
  • BIG-IP Next CNF – multiple versions
  • BIG-IP Next for Kubernetes – versions 2.0.0 to 2.3.1
  • BIG-IP (all modules) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Date modified: