CVE-2026-28758

medium F5
CVSS v3 Base Score
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 100% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: May 13, 2026 (57 days ago)
Last Modified: June 29, 2026
Vendor: F5
Source: NVD

Description

When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to the audit log to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CWE

CWE-312

Affected Products

f5 big-ip domain name system

References