U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2026-41959

Change History

Initial Analysis by NIST 6/24/2026 10:52:18 AM

Action Type Old Value New Value
Added CPE Configuration

                  
                
              
OR
          *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
          *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.6
Added CPE Configuration

                  
                
              
OR
          *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 17.5.0 up to (including) 17.5.1
          *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
          *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 17.1.0 up to (including) 17.1.3
Added CPE Configuration

                  
                
              
OR
          *cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*
Added CPE Configuration

                  
                
              
OR
          *cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* versions from (including) 8.4.0 up to (including) 8.4.1
Added Reference Type

                  
                
              
F5 Networks: https://my.f5.com/manage/s/article/K000161022 Types: Mitigation, Vendor Advisory