CVE-2026-34176
highCVSS v3 Base Score
8.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS Score
0.7%
Exploitation probability in 30 days
Top 52% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE
CWE-78Affected Products
f5 big-ip access policy managerf5 big-ip advanced firewall managerf5 big-ip advanced web application firewallf5 big-ip analyticsf5 big-ip application acceleration managerf5 big-ip application security managerf5 big-ip application visibility and reportingf5 big-ip automation toolchainf5 big-ip carrier-grade natf5 big-ip container ingress services