Cybersecurity and Infrastructure Security Agency Emergency Directive 26-01 Mandated agencies apply the latest vendor update for at-risk F5 products for Federal Civilian Executive
Public Sector Action
Summary
Hide ▲
Show ▼
CISA issued Emergency Directive 26-01 after identifying a significant cyber threat to federal networks using certain F5 devices and software. The directive requires Federal Civilian Executive Branch agencies to apply the latest vendor-provided update for at-risk F5 virtual and physical devices and downloaded software, including F5OS, BIG-IP TMOS, BIG-IQ, and BNK / CNF, by October 22, 2025. CISA said the action is meant to reduce immediate exposure and will be checked for compliance, and it also told agencies to follow F5’s Quarterly Security Notification.
Related Happenings
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector Action
H score36
First: 12.06.2026 11:26
Last: 12.06.2026 11:26
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA BOD 26-04 remediation requirements
Advisory/Mitigation
H score31
First: 11.06.2026 15:46
Last: 11.06.2026 15:46
Sources 1
About this happening:
CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 remediation requirements
Advisory/MitigationAbout this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA KEV update and FCEB remediation deadline
Public Sector Action
H score33
First: 10.06.2026 17:44
Last: 10.06.2026 17:44
Sources 1
About this happening:
**CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA KEV update and FCEB remediation deadline
Public Sector ActionAbout this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector Action
H score27
First: 10.06.2026 15:00
Last: 10.06.2026 15:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector Action
H score43
First: 09.06.2026 11:18
Last: 09.06.2026 11:18
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
Timeline
-
15.10.2025 15:00 4 articles · 8mo ago
CISA issues Emergency Directive 26-01 for F5 remediation
Legal Policy Action UpdateCISA identified a significant cyber threat targeting federal networks that use certain F5 devices and software and issued Emergency Directive 26-01 requiring Federal Civilian Executive Branch agencies to apply the latest vendor-provided update for at-risk F5 virtual and physical devices and downloaded software, including F5OS, BIG-IP TMOS, BIG-IQ, and BNK / CNF, by October 22, 2025, and to follow F5’s Quarterly Security Notification.
Show sources
- CISA Issues Emergency Directive to Address Critical Vulnerabilities in F5 Devices — www.cisa.gov — 15.10.2025 15:00
- CISA Issues Emergency Directive to Address Critical Vulnerabilities in F5 Devices — www.cisa.gov — 15.10.2025 15:00
- F5 BIG-IP Environment Breached by Nation-State Actor — www.darkreading.com — 15.10.2025 22:08
- Over 266,000 F5 BIG-IP instances exposed to remote attacks — www.bleepingcomputer.com — 17.10.2025 15:16