CVE-2026-41954

medium F5
CVSS v3 Base Score
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.3%
Exploitation probability in 30 days
Top 79% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: May 13, 2026 (57 days ago)
Last Modified: June 24, 2026
Vendor: F5
Source: NVD

Description

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE

CWE-200

Affected Products

f5 big-ip access policy managerf5 big-ip advanced firewall managerf5 big-ip advanced web application firewallf5 big-ip analyticsf5 big-ip application acceleration managerf5 big-ip application security managerf5 big-ip application visibility and reportingf5 big-ip automation toolchainf5 big-ip carrier-grade natf5 big-ip container ingress services

References