CVE-2026-42781 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
f5	CNA	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
f5	big-ip_access_policy_manager	21.0.0
f5	big-ip_advanced_firewall_manager	21.0.0
f5	big-ip_advanced_web_application_firewall	21.0.0
f5	big-ip_analytics	21.0.0
f5	big-ip_application_acceleration_manager	21.0.0
f5	big-ip_application_security_manager	21.0.0
f5	big-ip_application_visibility_and_reporting	21.0.0
f5	big-ip_automation_toolchain	21.0.0
f5	big-ip_carrier-grade_nat	21.0.0
f5	big-ip_container_ingress_services	21.0.0
f5	big-ip_ddos_hybrid_defender	21.0.0
f5	big-ip_domain_name_system	21.0.0
f5	big-ip_edge_gateway	21.0.0
f5	big-ip_fraud_protection_service	21.0.0
f5	big-ip_global_traffic_manager	21.0.0
f5	big-ip_link_controller	21.0.0
f5	big-ip_local_traffic_manager	21.0.0
f5	big-ip_policy_enforcement_manager	21.0.0
f5	big-ip_ssl_orchestrator	21.0.0
f5	big-ip_webaccelerator	21.0.0
f5	big-ip_websafe	21.0.0
f5	big-ip_access_policy_manager	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_access_policy_manager	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_advanced_firewall_manager	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_advanced_firewall_manager	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_advanced_web_application_firewall	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_advanced_web_application_firewall	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_analytics	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_analytics	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_application_acceleration_manager	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_application_acceleration_manager	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_application_security_manager	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_application_security_manager	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_application_visibility_and_reporting	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_application_visibility_and_reporting	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_automation_toolchain	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_automation_toolchain	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_carrier-grade_nat	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_carrier-grade_nat	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_container_ingress_services	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_container_ingress_services	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_ddos_hybrid_defender	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_ddos_hybrid_defender	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_domain_name_system	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_domain_name_system	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_edge_gateway	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_edge_gateway	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_fraud_protection_service	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_fraud_protection_service	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_global_traffic_manager	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_global_traffic_manager	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_link_controller	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_link_controller	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_local_traffic_manager	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_local_traffic_manager	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_policy_enforcement_manager	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_policy_enforcement_manager	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_ssl_orchestrator	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_ssl_orchestrator	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_webaccelerator	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_webaccelerator	17.5.0 ≤ 𝑥 ≤ 17.5.1
f5	big-ip_websafe	17.1.0 ≤ 𝑥 ≤ 17.1.3
f5	big-ip_websafe	17.5.0 ≤ 𝑥 ≤ 17.5.1

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
f5	big-ip	21.0.0 ≤ 𝑥 < 21.0.0.1	CNA
f5	big-ip	17.5.0 ≤ 𝑥 < 17.5.1.4	CNA
f5	big-ip	17.1.0 ≤ 𝑥 < 17.1.3.1	CNA

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://my.f5.com/manage/s/article/K000160862