F5 Networks BIG-IP : BIG-IP privilege escalation vulnerability (K000160975)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160975 advisory. A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at lea...

Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...

EUVD-2026-29997

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...

EUVD-2026-29961

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-42406

CVE-2026-42406 affects BIG-IP and BIG-IQ. A highly privileged, authenticated user with at least the Certificate Manager role can modify configuration objects that enable running arbitrary commands, potentially executing system commands and creating/deleting files. On BIG-IP, exploitation may bypa...

CVE-2026-39459 iControl REST and tmsh vulnerability

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-41225

CVE-2026-41225 affects F5 BIG-IP iControl REST. A highly privileged, authenticated user (Manager) can create configuration objects that execute arbitrary commands. Impact is control-plane–level: privilege escalation and possible cross-boundary access in appliances; data plane remains unaffected p...

K000160916: iControl REST vulnerability CVE-2026-41225

Security Advisory Description A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. CVE-2026-41225 Impact This vulnerability may allow a highly privileged...

CVE-2026-0757 MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability

MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...

CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...