BaseFortify

Publication date: 2026-05-13

Last updated on: 2026-06-18

Assigner: F5 Networks

Description

A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-13

Last Modified

2026-06-18

Generated

2026-06-30

EPSS Evaluated

2026-06-28

NVD

CVE-2026-42919

Affected Vendors & Products

Vendor	Product	Version / Range
f5	big-ip_access_policy_manager	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_advanced_firewall_manager	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_advanced_web_application_firewall	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_analytics	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_application_acceleration_manager	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_application_security_manager	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_application_visibility_and_reporting	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_automation_toolchain	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_carrier-grade_nat	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_ddos_hybrid_defender	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_domain_name_system	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_edge_gateway	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_fraud_protection_service	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_link_controller	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_local_traffic_manager	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_policy_enforcement_manager	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_ssl_orchestrator	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_webaccelerator	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_websafe	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_global_traffic_manager	From 17.5.0 (inc) to 17.5.1 (inc)
f5	big-ip_access_policy_manager	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_advanced_firewall_manager	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_advanced_web_application_firewall	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_analytics	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_application_acceleration_manager	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_application_security_manager	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_application_visibility_and_reporting	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_automation_toolchain	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_carrier-grade_nat	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_container_ingress_services	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_ddos_hybrid_defender	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_webaccelerator	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_websafe	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_ssl_orchestrator	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_policy_enforcement_manager	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_local_traffic_manager	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_link_controller	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_global_traffic_manager	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_fraud_protection_service	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_edge_gateway	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_domain_name_system	From 17.1.0 (inc) to 17.1.3 (inc)
f5	big-ip_container_ingress_services	From 17.5.0 (exc) to 17.5.1 (inc)
f5	big-ip_access_policy_manager	21.0.0
f5	big-ip_advanced_firewall_manager	21.0.0
f5	big-ip_advanced_web_application_firewall	21.0.0
f5	big-ip_analytics	21.0.0
f5	big-ip_application_acceleration_manager	21.0.0
f5	big-ip_application_security_manager	21.0.0
f5	big-ip_application_visibility_and_reporting	21.0.0
f5	big-ip_automation_toolchain	21.0.0
f5	big-ip_carrier-grade_nat	21.0.0
f5	big-ip_container_ingress_services	21.0.0
f5	big-ip_ddos_hybrid_defender	21.0.0
f5	big-ip_domain_name_system	21.0.0
f5	big-ip_edge_gateway	21.0.0
f5	big-ip_fraud_protection_service	21.0.0
f5	big-ip_global_traffic_manager	21.0.0
f5	big-ip_link_controller	21.0.0
f5	big-ip_local_traffic_manager	21.0.0
f5	big-ip_policy_enforcement_manager	21.0.0
f5	big-ip_ssl_orchestrator	21.0.0
f5	big-ip_webaccelerator	21.0.0
f5	big-ip_websafe	21.0.0
f5	big-ip_access_policy_manager	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_advanced_firewall_manager	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_advanced_web_application_firewall	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_analytics	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_application_acceleration_manager	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_application_security_manager	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_application_visibility_and_reporting	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_automation_toolchain	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_carrier-grade_nat	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_container_ingress_services	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_ddos_hybrid_defender	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_domain_name_system	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_edge_gateway	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_fraud_protection_service	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_global_traffic_manager	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_link_controller	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_local_traffic_manager	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_policy_enforcement_manager	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_ssl_orchestrator	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_webaccelerator	From 16.1.0 (inc) to 16.1.6 (inc)
f5	big-ip_websafe	From 16.1.0 (inc) to 16.1.6 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-121	A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions have not been generated yet.

Hi! I’m here to help you understand CVE-2026-42919. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70