F5 Big-ip Next For Kubernetes — known CVE vulnerabilities
Every CVE whose affected-product data names F5 Big-ip Next For Kubernetes, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2026-42409 — CVSS 7.5 (high): When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed…
CVE-2026-40629 — CVSS 7.5 (high): When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client…
CVE-2026-41956 — CVSS 7.5 (high): When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel…
CVE-2025-54479 — CVSS 7.5 (high): When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the…
CVE-2025-58071 — CVSS 7.5 (high): When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note…
CVE-2025-58120 — CVSS 7.5 (high): When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software…
CVE-2025-61974 — CVSS 7.5 (high): When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization…
CVE-2025-61990 — CVSS 7.5 (high): When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to…
CVE-2026-40618 — CVSS 7.5 (high): When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on…
CVE-2025-54805 — CVSS 6.5 (medium): When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase…
CVE-2025-55670 — CVSS 6.5 (medium): On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic…
CVE-2025-54500 — CVSS 5.3 (medium): An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max…