Lucene search
K

371 matches found

Cvelist
Cvelist
added 2026/05/13 2:12 p.m.63 views

CVE-2026-42937 iControl REST and tmsh vulnerability

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

7.1CVSS0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.8 views

CVE-2026-42937

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.30 views

CVE-2026-34176 Knowledge Appliance mode iControl REST vulnerability

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS0.00692EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.9 views

CVE-2026-34176

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.5AI score0.00692EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 2:12 p.m.30 views

CVE-2026-34176

CVE-2026-34176 affects BIG-IP in Appliance mode and is described in F5 advisories K000160857/K000160857 (appliance-mode iControl REST vulnerability). An authenticated attacker with administrator privileges and network access can trigger an OS command injection via an undisclosed iControl REST end...

8.7CVSS5.5AI score0.00692EPSS
Exploits0References1Affected Software21
CVE
CVE
added 2026/05/13 2:12 p.m.25 views

CVE-2026-39459

CVE-2026-39459 affects BIG-IP products via iControl REST and the TMOS Shell (tmsh). An authenticated attacker with at least the Manager role over the network can create configuration objects that enable execution of arbitrary commands on the system. The F5 advisory lists affected branches and vul...

8.6CVSS5.9AI score0.00257EPSS
Exploits0References1Affected Software21
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.31 views

CVE-2026-39459 iControl REST and tmsh vulnerability

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.6CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.31 views

CVE-2026-41225 iControl REST vulnerability

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

9.1CVSS0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.55 views

CVE-2026-41225

CVE-2026-41225 affects F5 BIG-IP iControl REST. A highly privileged, authenticated user (Manager) can create configuration objects that execute arbitrary commands. Impact is control-plane–level: privilege escalation and possible cross-boundary access in appliances; data plane remains unaffected p...

9.1CVSS5.9AI score0.00272EPSS
Exploits0References1Affected Software21
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.8 views

CVE-2026-40698 iControl REST and TMSH vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...

8.7CVSS5.8AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.26 views

CVE-2026-40061

CVE-2026-40061 affects BIG-IP DNS and relates to an undisclosed iControl REST and tmsh command that an authenticated attacker with Resource Administrator or Administrator privileges can use to execute arbitrary system commands with higher privileges. In Appliance mode, exploit could cross a secur...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.35 views

CVE-2026-40061 iControl REST and tmsh vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...

8.7CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.11 views

CVE-2026-40061 iControl REST and tmsh vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.28 views

CVE-2026-20916 BIG-IQ iControl REST vulnerability

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.1CVSS0.00366EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.26 views

CVE-2026-20916

CVE-2026-20916 affects BIG-IQ Centralized Management (iControl REST). An authenticated iControl REST user with low privileges can remotely create or modify arbitrary files via an undisclosed endpoint, with a path traversal weakness enabling control-plane impact (no data-plane exposure). In F5’s a...

8.1CVSS6AI score0.00366EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.7 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.28 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.33 views

CVE-2026-40462 iControl REST and tmsh vulnerability

Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.10 views

CVE-2026-28758

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 2:12 p.m.19 views

CVE-2026-40462

CVE-2026-40462 affects F5 BIG-IP: an incorrect permission assignment in iControl REST and the TMOS shell (tmsh) could allow an authenticated user to view sensitive information (control plane exposure). Concrete details from connected advisories show affected branches/versions and available fixes....

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software21
Rows per page
Query Builder