CVE Catalog

CVE-2026-40462

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command, allowing an authenticated attacker to view sensitive information.

Risk Assessment

The organization risks exposure of confidential data, such as configurations or keys, by an authenticated user with access to the management interface.

Recommendation

Immediately update the F5 BIG-IP system to a patched version and restrict access to iControl REST and tmsh to trusted accounts only.

Original NVD description (English source)

Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS