CVE-2026-41954
MediumCVSS 4.9Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
CVE-2026-41954 describes a sensitive information disclosure vulnerability in an undisclosed iControl REST endpoint and TMOS Shell (tmsh) command. This allows an authenticated attacker with resource administrator role privileges to view sensitive information.
Risk Assessment
The organization may be exposed to the disclosure of sensitive data, potentially leading to further attacks or privacy violations.
Recommendation
It is recommended to monitor and restrict access to endpoints and to update the software to versions that have not reached End of Technical Support.
Original NVD description (English source)
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

