371 matches found
CVE-2026-42937 iControl REST and tmsh vulnerability
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
CVE-2026-42937
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
CVE-2026-34176 Knowledge Appliance mode iControl REST vulnerability
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-34176
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-34176
CVE-2026-34176 affects BIG-IP in Appliance mode and is described in F5 advisories K000160857/K000160857 (appliance-mode iControl REST vulnerability). An authenticated attacker with administrator privileges and network access can trigger an OS command injection via an undisclosed iControl REST end...
CVE-2026-39459
CVE-2026-39459 affects BIG-IP products via iControl REST and the TMOS Shell (tmsh). An authenticated attacker with at least the Manager role over the network can create configuration objects that enable execution of arbitrary commands on the system. The F5 advisory lists affected branches and vul...
CVE-2026-39459 iControl REST and tmsh vulnerability
A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-41225 iControl REST vulnerability
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41225
CVE-2026-41225 affects F5 BIG-IP iControl REST. A highly privileged, authenticated user (Manager) can create configuration objects that execute arbitrary commands. Impact is control-plane–level: privilege escalation and possible cross-boundary access in appliances; data plane remains unaffected p...
CVE-2026-40698 iControl REST and TMSH vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...
CVE-2026-40061
CVE-2026-40061 affects BIG-IP DNS and relates to an undisclosed iControl REST and tmsh command that an authenticated attacker with Resource Administrator or Administrator privileges can use to execute arbitrary system commands with higher privileges. In Appliance mode, exploit could cross a secur...
CVE-2026-40061 iControl REST and tmsh vulnerability
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...
CVE-2026-40061 iControl REST and tmsh vulnerability
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...
CVE-2026-20916 BIG-IQ iControl REST vulnerability
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-20916
CVE-2026-20916 affects BIG-IQ Centralized Management (iControl REST). An authenticated iControl REST user with low privileges can remotely create or modify arbitrary files via an undisclosed endpoint, with a path traversal weakness enabling control-plane impact (no data-plane exposure). In F5’s a...
CVE-2026-28758 BIG-IP iControl REST vulnerability
When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...
CVE-2026-28758 BIG-IP iControl REST vulnerability
When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...
CVE-2026-40462 iControl REST and tmsh vulnerability
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-28758
When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...
CVE-2026-40462
CVE-2026-40462 affects F5 BIG-IP: an incorrect permission assignment in iControl REST and the TMOS shell (tmsh) could allow an authenticated user to view sensitive information (control plane exposure). Concrete details from connected advisories show affected branches/versions and available fixes....