CVE-2026-34176
- EPSS 0.69%
- Veröffentlicht 13.05.2026 14:12:38
- Zuletzt bearbeitet 29.06.2026 17:45:19
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have r...
CVE-2026-42063
- EPSS 0.29%
- Veröffentlicht 13.05.2026 14:12:38
- Zuletzt bearbeitet 23.06.2026 13:57:19
A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-39459
- EPSS 0.26%
- Veröffentlicht 13.05.2026 14:12:37
- Zuletzt bearbeitet 29.06.2026 17:26:04
A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which...
CVE-2026-41225
- EPSS 0.27%
- Veröffentlicht 13.05.2026 14:12:37
- Zuletzt bearbeitet 24.06.2026 14:51:41
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Techn...
CVE-2026-41953
- EPSS 0.25%
- Veröffentlicht 13.05.2026 14:12:37
- Zuletzt bearbeitet 24.06.2026 14:52:04
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached E...
CVE-2026-40631
- EPSS 0.25%
- Veröffentlicht 13.05.2026 14:12:36
- Zuletzt bearbeitet 29.06.2026 14:17:42
An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are ...
CVE-2026-40698
- EPSS 0.24%
- Veröffentlicht 13.05.2026 14:12:36
- Zuletzt bearbeitet 29.06.2026 15:30:00
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in priv...
CVE-2026-40060
- EPSS 0.32%
- Veröffentlicht 13.05.2026 14:12:35
- Zuletzt bearbeitet 29.06.2026 14:15:34
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-41227
- EPSS 0.26%
- Veröffentlicht 13.05.2026 14:12:35
- Zuletzt bearbeitet 24.06.2026 14:52:01
On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached...
CVE-2026-42409
- EPSS 0.26%
- Veröffentlicht 13.05.2026 14:12:35
- Zuletzt bearbeitet 23.06.2026 13:58:18
When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions whic...