Ref# ADV2026_53 | Date: Feb 6th 2026

---

F5 published a security advisory highlighting vulnerabilities in the following products on February 4, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• APM Clients – versions 7.2.5 to 7.2.6.1 

• BIG-IP (all modules) – multiple versions 

• BIG-IP APM – multiple versions 

• BIG-IP Advanced WAF/ASM – versions 17.1.0 to 17.1.2 

• BIG-IP Container Ingress Services for Kubernetes and OpenShift – versions 2.0.0 to 2.20.1, versions 1.0.0 to 1.14.0 

• NGINX Gateway Fabric – versions 2.0.0 to 2.4.0, versions 1.2.0 to 1.6.2 

• NGINX Ingress Controller – multiple versions 

• NGINX Instance Manager – versions 2.15.1 to 2.21.0 

• NGINX Open Source – versions 1.3.0 to 1.29.4 

• NGINX Plus – versions R32 to R36 P1 

For more information on these updates, you can follow this URL: 

• K000159076: Quarterly Security Notification (February 2026) 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary. 

References 

• F5 Security Advisory (February 4th, 2026). Retrieved from F5. https://my.f5.com/manage/s/article/K000159076  

• F5 Security Advisory (February 4th, 2026). Retrieved from Canadian Centre for Cyber Security.  https://www.cyber.gc.ca/en/alerts-advisories/f5-security-advisory-av26-086