7469 matches found
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-44292 protobufjs: Prototype injection in generated message constructors
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...
CVE-2026-42406
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2026-42406 BIG-IP and BIG-IQ privilege escalation vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2026-42406
CVE-2026-42406 affects BIG-IP and BIG-IQ. A highly privileged, authenticated user with at least the Certificate Manager role can modify configuration objects that enable running arbitrary commands, potentially executing system commands and creating/deleting files. On BIG-IP, exploitation may bypa...
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-32643 BIG-IP and BIG-IQ privilege escalation vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-39459 iControl REST and tmsh vulnerability
A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-41225 iControl REST vulnerability
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41953
CVE-2026-41953 affects BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects, leading to privilege escalation. The vulnerability is a control plane issue with no data-plane exposure, and impact includes priv...
CVE-2026-41225
CVE-2026-41225 affects F5 BIG-IP iControl REST. A highly privileged, authenticated user (Manager) can create configuration objects that execute arbitrary commands. Impact is control-plane–level: privilege escalation and possible cross-boundary access in appliances; data plane remains unaffected p...
CVE-2026-41953 BIG-IP Privilege Escalation vulnerability
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41953 BIG-IP Privilege Escalation vulnerability
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41225 iControl REST vulnerability
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-42924
An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40631
CVE-2026-40631 affects BIG-IP iControl SOAP. An authenticated attacker with Resource Administrator or Administrator rights can modify configuration objects via iControl SOAP, leading to privilege escalation. In Appliance mode, exploitation may cross security boundaries; data plane is not exposed....
CVE-2026-42924 BIG-IP iControl SOAP vulnerability
An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-42924 BIG-IP iControl SOAP vulnerability
An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40698 iControl REST and TMSH vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...
K000160981: iControl REST and tmsh vulnerability CVE-2026-40698
Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation...