CVE-2026-40423
- EPSS 0.26%
- Veröffentlicht 13.05.2026 14:12:43
- Zuletzt bearbeitet 29.06.2026 14:16:21
When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-24464
- EPSS 0.89%
- Veröffentlicht 13.05.2026 14:12:42
- Zuletzt bearbeitet 29.06.2026 18:00:40
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Soft...
CVE-2026-39458
- EPSS 0.26%
- Veröffentlicht 13.05.2026 14:12:42
- Zuletzt bearbeitet 29.06.2026 14:15:06
When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are n...
CVE-2026-41959
- EPSS 0.2%
- Veröffentlicht 13.05.2026 14:12:41
- Zuletzt bearbeitet 24.06.2026 14:52:18
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination...
CVE-2026-42406
- EPSS 0.15%
- Veröffentlicht 13.05.2026 14:12:41
- Zuletzt bearbeitet 23.06.2026 13:57:09
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which...
CVE-2026-32643
- EPSS 0.16%
- Veröffentlicht 13.05.2026 14:12:40
- Zuletzt bearbeitet 29.06.2026 14:14:14
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which ha...
CVE-2026-42058
- EPSS 0.19%
- Veröffentlicht 13.05.2026 14:12:40
- Zuletzt bearbeitet 23.06.2026 13:57:00
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-32673
- EPSS 0.24%
- Veröffentlicht 13.05.2026 14:12:39
- Zuletzt bearbeitet 29.06.2026 14:14:21
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful...
CVE-2026-39455
- EPSS 0.3%
- Veröffentlicht 13.05.2026 14:12:39
- Zuletzt bearbeitet 29.06.2026 14:15:01
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have rea...
CVE-2026-41217
- EPSS 0.11%
- Veröffentlicht 13.05.2026 14:12:39
- Zuletzt bearbeitet 24.06.2026 14:51:28
A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deploy...