7475 matches found

NVD
added 2026/05/13 4:16 p.m., 4 views

CVE-2026-40631

An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, EPSS 0.0007
Exploits: 0, References: 1
NVD
added 2026/05/13 4:16 p.m., 5 views

CVE-2026-39459

A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 8.6, EPSS 0.00089
Exploits: 0, References: 1
NVD
added 2026/05/13 4:16 p.m., 3 views

CVE-2026-32643

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 8.7, EPSS 0.0004
Exploits: 0, References: 1
Cvelist
added 2026/05/13 2:42 p.m., 25 views

CVE-2026-44292 protobufjs: Prototype injection in generated message constructors

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the __proto__ key. If an application constructed a message from an...

CVSS 5.3, EPSS 0.00083
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/13 2:12 p.m., 5 views

CVE-2026-42406

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are...

CVSS 8.7, AI score 5.9, EPSS 0.00036
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2026/05/13 2:12 p.m., 24 views

CVE-2026-42406 BIG-IP and BIG-IQ privilege escalation vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are...

CVSS 8.7, EPSS 0.00036
Exploits: 0, References: 1
CVE
added 2026/05/13 2:12 p.m., 8 views

CVE-2026-42406

CVE-2026-42406 affects BIG-IP and BIG-IQ. A highly privileged, authenticated user with at least the Certificate Manager role can modify configuration objects that enable running arbitrary commands, potentially executing system commands and creating/deleting files. On BIG-IP, exploitation may bypa...

CVSS 8.7, AI score 5.9, EPSS 0.00036
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/13 2:12 p.m., 3 views

CVE-2026-32643

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 8.7, AI score 5.9, EPSS 0.0004
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2026/05/13 2:12 p.m., 24 views

CVE-2026-32643 BIG-IP and BIG-IQ privilege escalation vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 8.7, EPSS 0.0004
Exploits: 0, References: 1
Vulnrichment
added 2026/05/13 2:12 p.m., 9 views

CVE-2026-41225 iControl REST vulnerability

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 9.1, AI score 5.9, EPSS 0.00089
Exploits: 0, References: 1
Cvelist
added 2026/05/13 2:12 p.m., 25 views

CVE-2026-39459 iControl REST and tmsh vulnerability

A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 8.6, EPSS 0.00089
Exploits: 0, References: 1
CVE
added 2026/05/13 2:12 p.m., 9 views

CVE-2026-41953

CVE-2026-41953 affects BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects, leading to privilege escalation. The vulnerability is a control plane issue with no data-plane exposure, and impact includes priv...

CVSS 8.7, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 1
CVE
added 2026/05/13 2:12 p.m., 11 views

CVE-2026-41225

CVE-2026-41225 affects F5 BIG-IP iControl REST. A highly privileged, authenticated user (Manager) can create configuration objects that execute arbitrary commands. Impact is control-plane–level: privilege escalation and possible cross-boundary access in appliances; data plane remains unaffected p...

CVSS 9.1, AI score 5.9, EPSS 0.00089
Exploits: 0, References: 1
Vulnrichment
added 2026/05/13 2:12 p.m., 4 views

CVE-2026-41953 BIG-IP Privilege Escalation vulnerability

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 1
Cvelist
added 2026/05/13 2:12 p.m., 23 views

CVE-2026-41953 BIG-IP Privilege Escalation vulnerability

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, EPSS 0.00073
Exploits: 0, References: 1
Cvelist
added 2026/05/13 2:12 p.m., 22 views

CVE-2026-41225 iControl REST vulnerability

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 9.1, EPSS 0.00089
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/13 2:12 p.m., 4 views

CVE-2026-42924

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/05/13 2:12 p.m., 8 views

CVE-2026-40631

CVE-2026-40631 affects BIG-IP iControl SOAP. An authenticated attacker with Resource Administrator or Administrator rights can modify configuration objects via iControl SOAP, leading to privilege escalation. In Appliance mode, exploitation may cross security boundaries; data plane is not exposed....

CVSS 8.7, AI score 5.8, EPSS 0.0007
Exploits: 0, References: 1
Vulnrichment
added 2026/05/13 2:12 p.m., 7 views

CVE-2026-42924 BIG-IP iControl SOAP vulnerability

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 1
Cvelist
added 2026/05/13 2:12 p.m., 26 views

CVE-2026-42924 BIG-IP iControl SOAP vulnerability

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, EPSS 0.00073
Exploits: 0, References: 1