CVE Catalog

CVE-2026-41954

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

CVE-2026-41954 describes a sensitive information disclosure vulnerability in an undisclosed iControl REST endpoint and TMOS Shell (tmsh) command. This allows an authenticated attacker with resource administrator role privileges to view sensitive information.

Risk Assessment

The organization may be exposed to the disclosure of sensitive data, potentially leading to further attacks or privacy violations.

Recommendation

It is recommended to monitor and restrict access to endpoints and to update the software to versions that have not reached End of Technical Support.

Original NVD description (English source)

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS