CVE-2026-24464
mediumCVSS v3 Base Score
6.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
EPSS Score
0.9%
Exploitation probability in 30 days
Top 45% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
None
Integrity
High
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE
CWE-35Affected Products
f5 big-ip access policy managerf5 big-ip advanced firewall managerf5 big-ip advanced web application firewallf5 big-ip analyticsf5 big-ip application acceleration managerf5 big-ip application security managerf5 big-ip application visibility and reportingf5 big-ip automation toolchainf5 big-ip carrier-grade natf5 big-ip container ingress services