Permission Assignment Flaw in F5 BIG-IP and BIG-IQ Products
CVE-2026-41959

6.8 MEDIUM

Key Information:

Vendor: F5

CVE Published: 13 May 2026

What is CVE-2026-41959?

The vulnerability involves incorrect permission assignments in the network diagnostics commands of the BIG-IP and BIG-IQ TMOS Shell (tmsh) and in the BIG-IP iControl REST interface. An authenticated attacker could exploit this flaw to gain unauthorized access to, and view, sensitive network status information about destination systems, potentially leading to further exploits.

Affected Version(s)

BIG-IP 21.0.0 < 21.0.0.2

BIG-IP 17.5.0 < 17.5.1.6

BIG-IP 17.1.0 < 17.1.3.2

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

F5