F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000156734)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.3 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156734 advisory. A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-...

EUVD-2026-29991

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40703

A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-39455

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-39455 BIG-IP Configuration utility vulnerability

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-41957 BIG-IP and BIG-IQ Configuration utility vulnerability

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-41957

CVE-2026-41957 affects the BIG-IP and BIG-IQ Configuration utility. The connected advisory confirms an authenticated remote code execution vulnerability via undisclosed vectors in the Configuration utility (control plane access), with CWE-502 deserialization noted in the security advisory details...

CVE-2026-40699 BIG-IP Configuration utility vulnerability

A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40699 BIG-IP Configuration utility vulnerability

A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40703 BIG-IP Configuration utility CSRF vulnerability

A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40703 BIG-IP Configuration utility CSRF vulnerability

A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40703

The CVE-2026-40703 entry describes a CSRF vulnerability in the BIG-IP Configuration utility dashboard. A remote, unauthenticated attacker can entice an authenticated user to issue crafted requests, allowing the attacker to create, modify, and delete dashboard items as that user. This is a control...

K000156734: BIG-IP Configuration utility vulnerability CVE-2026-40699

Security Advisory Description A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. CVE-2026-40699 Impact This vulnerability may allow a low-privileged authenticated...

K35544022: BIG-IP Configuration utility CSRF vulnerability CVE-2026-40703

Security Advisory Description A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. CVE-2026-40703 Impact A remote, unauthenticated attacker may exploit this vulnerability by causing an authenticated user to send a crafted request to the BIG-...

K000160874: BIG-IP Configuration utility vulnerability CVE-2026-39455

Security Advisory Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. CVE-2026-39455 Impact The Configuration utility stops...

K000156761: BIG-IP and BIG-IQ Configuration utility vulnerability CVE-2026-41957

Security Advisory Description An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. CVE-2026-41957 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility throu...

PT-2026-40640

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication,...

PT-2026-40665

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.1 BIG-IQ versions prior to 17.5.1.4 Description An authenticated remote code execution issue exists in the BIG-IP and BIG-IQ Configuration utility. This flaw is caused by deserialization, a process where data is...

PT-2026-40654

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description An xpath injection issue exists in undisclosed pages of the Configuration utility. This allows a low-privileged...

Johnson Controls iSTAR Configuration Utility < 6.9.8 Stack-based Buffer Overflow

The version of Johnson Controls iSTAR Configuration Utility ICU installed on the remote Windows host is prior to 6.9.8. It is, therefore, affected by a stack-based buffer overflow vulnerability that could result in failure within the operating system of the machine hosting the ICU tool. Note that...