CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

CVE-2026-42290 protobufjs-cli: OS Command Injection

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

CVE-2026-41959

CVE-2026-41959 affects BIG-IP/BIG-IQ TMOS Shell (tmsh) network diagnostics and iControl REST. Root cause: incorrect permission assignments allow an authenticated user to view destination systems’ network status. Impact: control-plane exposure (viewing network status) with no data-plane exposure; ...

CVE-2026-41959 iControl and tmsh REST vulnerability

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

CVE-2026-41959 iControl and tmsh REST vulnerability

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

CVE-2026-41959

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

CVE-2026-42937 iControl REST and tmsh vulnerability

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

CVE-2026-42937 iControl REST and tmsh vulnerability

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

CVE-2026-41217

The CVE-2026-41217 entry describes a vulnerability in an undisclosed BIG-IP TMOS Shell (tmsh) command that can allow an authenticated user with resource administrator or administrator role to execute arbitrary system commands with elevated privileges. In Appliance mode, a successful exploit can c...

CVE-2026-39459 iControl REST and tmsh vulnerability

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-39459 iControl REST and tmsh vulnerability

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-40698 iControl REST and TMSH vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...

CVE-2026-40061

CVE-2026-40061 affects BIG-IP DNS and relates to an undisclosed iControl REST and tmsh command that an authenticated attacker with Resource Administrator or Administrator privileges can use to execute arbitrary system commands with higher privileges. In Appliance mode, exploit could cross a secur...

CVE-2026-40061 iControl REST and tmsh vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...

CVE-2026-42408 BIG-IP DNS tmsh vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-42408

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-42408 BIG-IP DNS tmsh vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40462

CVE-2026-40462 affects F5 BIG-IP: an incorrect permission assignment in iControl REST and the TMOS shell (tmsh) could allow an authenticated user to view sensitive information (control plane exposure). Concrete details from connected advisories show affected branches/versions and available fixes....

CVE-2026-41954

CVE-2026-41954 affects F5 BIG-IP/iControl REST and tmsh. An authenticated resource administrator can view sensitive information via crafted requests (remote iControl REST or local tmsh). The F5 advisory lists affected branches: BIG-IP 21.x (vulnerable at 21.0.0; fix 21.0.0.1), 17.x (various sub-b...

CVE-2026-41954 iControl REST and tmsh vulnerability

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell tmsh command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of...