CVE-2026-28758
MediumCVSS 4.4Exploitation Probability (EPSS)
Low risk0th percentile - higher than 0% of all known CVEs
Summary
When BIG-IP DNS is provisioned, a vulnerability in the gtm_add and bigip_add iControl REST commands returns the ssh-password parameter in cleartext in the REST response and logs it in the audit log. This allows a highly privileged, authenticated attacker with audit log access to view sensitive information.
Risk Assessment
The organization risks exposure of SSH passwords, potentially leading to unauthorized access to managed systems and privilege escalation within the infrastructure.
Recommendation
Immediately apply security patches provided by the vendor and restrict audit log access to trusted administrators only.
Original NVD description (English source)
When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to the audit log to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

