CVE-2026-42937

CVE-2026-42937 affects BIG-IP and BIG-IQ, with incorrect permission assignments in TMOS Shell (tmsh) for arp/ndp and in iControl REST. An authenticated attacker can view adjacent network information via remote iControl REST or local tmsh, a purely control-plane issue with no data-plane exposure. ...

CVE-2026-40462 iControl REST and tmsh vulnerability

Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000160932: Quarterly Security Notification (May 2026)

Security Advisory Description On May 13, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch t...

K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930

Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system. CVE-2026-42930 Impact An authenticated attacker with local system access and the Administrator role may be...

F5 Networks BIG-IP : BIG-IP iControl REST vulnerability (K000137522)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137522 advisory. - When running in appliance mode, an authenticated remote command injection vulnerability exists in an...

CVE-2022-41617 BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 F5 BIG-IP iControl REST vulnerability RCE exploi...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 BIG-IP iControl REST vulnerability CVE-2022-1388...

F5 Networks BIG-IP : iControl REST vulnerability (K87502622)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.1 / 16.0.1. It is, therefore, affected by a vulnerability as referenced in the K87502622 advisory. - On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x...

F5 Networks BIG-IP : iControl REST vulnerability (K44885536)

Undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. Thevulnerability allows bypass of Appliance mode security on BIG-IP systems by allowing the execution of arbitrary...

F5 Networks BIG-IP : iControl REST vulnerability (K29149494)

Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of 'Guest' or...