{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/big-ip-dns/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.7,"id":"CVE-2026-40061"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BIG-IP DNS"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","execution","cve"],"_cs_type":"advisory","_cs_vendors":["F5"],"content_html":"\u003cp\u003eCVE-2026-40061 is a vulnerability affecting F5 BIG-IP DNS when provisioned. This flaw resides within an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command. Successful exploitation requires an authenticated attacker holding either the Resource Administrator or Administrator role. A successful exploit grants the attacker the ability to execute arbitrary system commands with elevated privileges. In Appliance mode deployments, successful exploitation allows the attacker to bypass security restrictions. Note that versions which have reached End of Technical Support (EoTS) are not evaluated.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker gains access to the BIG-IP DNS system with either Resource Administrator or Administrator credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages an undisclosed iControl REST API endpoint or a BIG-IP TMOS Shell (tmsh) command.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious commands into a parameter or argument of the vulnerable iControl REST API or tmsh command.\u003c/li\u003e\n\u003cli\u003eThe injected commands are executed by the BIG-IP system with elevated privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive data or system resources.\u003c/li\u003e\n\u003cli\u003eIn Appliance mode deployments, the attacker crosses security boundaries, gaining further access.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes persistence through a backdoor or scheduled task.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete control over the BIG-IP DNS system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40061 can lead to a complete compromise of the BIG-IP DNS system. An attacker can gain unauthorized access to sensitive data, modify system configurations, and disrupt network services. In Appliance mode deployments, the attacker can bypass security restrictions, potentially gaining access to other systems within the network. The impact could range from data breaches and service disruptions to complete system takeover.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the latest security patches released by F5 Networks to address CVE-2026-40061 on BIG-IP DNS.\u003c/li\u003e\n\u003cli\u003eReview user roles and permissions to ensure that only authorized personnel have Resource Administrator or Administrator privileges on BIG-IP DNS.\u003c/li\u003e\n\u003cli\u003eMonitor BIG-IP DNS logs for suspicious activity related to iControl REST API calls and tmsh commands, using the \u0026ldquo;Detect BIG-IP DNS iControl REST/TMSH Command Injection\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of a successful exploit on Appliance mode deployments.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:22:07Z","date_published":"2026-05-13T16:22:07Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40061-bigip/","summary":"CVE-2026-40061 is a vulnerability in F5 BIG-IP DNS that allows an authenticated attacker with Resource Administrator or Administrator privileges to execute arbitrary system commands with elevated privileges via undisclosed iControl REST and TMOS Shell (tmsh) commands, potentially crossing security boundaries in Appliance mode deployments.","title":"CVE-2026-40061: BIG-IP DNS iControl REST/TMSH Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40061-bigip/"}],"language":"en","title":"CraftedSignal Threat Feed — BIG-IP DNS","version":"https://jsonfeed.org/version/1.1"}