Support Content Notification - Support Portal

MONTHLY PLATFORM PATCH FOR THE API GATEWAY – MAY 2026

Product/Component

CA API Gateway

0 more products

Notification Id

37495

Last Updated

14 May 2026

Initial Publication Date

14 May 2026

May 2026

To: Layer7 API Gateway Customers

From: The Broadcom API Gateway Product Team

Subject: Monthly Platform Patch for the API Gateway – May 2026

Platform patches upgrade the underlying OS packages and other (non- Layer7 API) hardware/virtual appliance components where Common Vulnerabilities and Exposures (CVE) have been raised.

These patches are delivered on a monthly basis unless a CVE has been discovered that requires immediate attention. Currently, none of the CVEs raised has caused issues with the Layer7 API Gateway or API Developer Portal, but they are being addressed as a preventative measure.

To bring the platform up to the most recent level, apply the most recent monthly patch.

We recommend that all Gateway container and appliance customers (both hardware or virtual) of our Layer7 API Gateway/Developer Portal remain current with the platform patch level and the core application level.

You can download the latest monthly platform patch from the Layer7 API Management Solutions & Patches page or pull the latest image from Docker Hub.

Note: The following are the highlights of the May 2026 MPP release

May 2026 MPP release addresses the CVEs related to Operating Systems. Notable Fixes in This Release:
- "Copy Fail" (CVE-2026-31431) — Local privilege escalation to root via kernel AEAD crypto API (AF_ALG). Any unprivileged user can become root. Exploitable since 2017; PoC published.
- "Dirty Frag" (CVE-2026-43284 + CVE-2026-43500) — Two-CVE LPE chain via IPsec/ESP and RxRPC page-cache write primitives.
Gateway 11.1 and 11.2 Docker images for May 2026 MPP is not released.
Gateway 11.1 users MUST upgrade their Patch Management Service (PMS) to v2.1.0 BEFORE applying the May 2026 MPP as this patch and future patches will require the latest signing algorithms. The PMS upgrade patch can be found on the PMS 2.1.0 Solution Page.

Note: Before you patch an appliance gateway, please ensure that you have sufficient disk space in the appliance to avoid space issues. If you encounter any space issues, please follow these instructions to add additional disk space. Increase Disk Space in Virtual Appliance

You can also call Broadcom Customer Care at +1 800 225 5224 in North America or visit https://www.broadcom.com/support/software/contact for the local number in your country.

Should you need any assistance, our Broadcom Services experts can help. For more information on Broadcom Services and how you can leverage our experience, please visit https://www.broadcom.com/support/services-support.