BIG-IP

CVE-2026-42930 allows an authenticated attacker with 'Administrator' privileges to bypass Appliance mode restrictions on F5 BIG-IP systems.

CVE-2026-42924 allows an authenticated attacker with Resource Administrator or Administrator privileges to escalate privileges by creating malicious SNMP configuration objects through iControl SOAP.

CVE-2026-42920 describes a vulnerability where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server.

CVE-2026-42406 allows a highly privileged, authenticated attacker with the Certificate Manager role to modify configuration objects in F5 BIG-IP and BIG-IQ systems, leading to arbitrary command execution.

An authenticated remote code execution vulnerability (CVE-2026-41957) exists in the F5 BIG-IP and BIG-IQ Configuration utility, potentially leading to arbitrary code execution on affected systems.

CVE-2026-41953 describes a privilege escalation vulnerability in F5 BIG-IP systems where a highly privileged, authenticated attacker with the Resource Administrator role can modify configuration objects, leading to elevated privileges within the system.

CVE-2026-40698 allows a highly privileged, authenticated attacker with Resource Administrator privileges in F5 BIG-IP and BIG-IQ systems to create SNMP configuration objects via iControl REST or TMOS shell (tmsh), resulting in privilege escalation.

CVE-2026-32643 describes a vulnerability in F5 BIG-IP and BIG-IQ systems that allows a highly privileged, authenticated attacker with the Certificate Manager role to modify configuration objects, leading to arbitrary command execution.