CVE-2026-40698: Privilege Escalation in F5 BIG-IP
Plattform
linux
Komponente
bigip
Behoben in
21.0.0.2
CVE-2026-40698 describes a privilege escalation vulnerability in F5 BIG-IP and BIG-IQ systems. A highly privileged, authenticated attacker, possessing at least the Resource Administrator role, can leverage this flaw to create malicious SNMP configuration objects. This can lead to unauthorized access and control of the system, potentially compromising sensitive data and system integrity. Affected versions include those between 16.1.0 and 21.0.0.2, with a fix available in version 21.0.0.2.
Auswirkungen und Angriffsszenarienwird übersetzt…
The impact of CVE-2026-40698 is significant due to the potential for privilege escalation. An attacker who can successfully exploit this vulnerability can gain control over the BIG-IP or BIG-IQ system, effectively bypassing existing security controls. This could allow them to modify configurations, access sensitive data (such as user credentials, network traffic logs, and application data), and potentially pivot to other systems within the network. The ability to create SNMP configuration objects provides a flexible attack vector, allowing attackers to tailor their actions to achieve specific objectives. Successful exploitation could lead to a complete compromise of the affected system and its associated data, similar to scenarios where attackers leverage misconfigured administrative interfaces to gain control.
Ausnutzungskontextwird übersetzt…
CVE-2026-40698 was published on May 13, 2026. The vulnerability's exploitation probability is currently assessed as medium due to the requirement for authenticated access with a specific role. No public exploits or active campaigns have been reported at the time of writing. The vulnerability is not currently listed on KEV (Known Exploited Vulnerabilities) catalogs. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation activity.
Bedrohungsanalyse
Exploit-Status
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Hoch — Administrator- oder Privilegienkonto erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Geändert — Angriff kann über die anfällige Komponente hinaus auf andere Systeme übergreifen.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Hoch — Angreifer kann beliebige Daten schreiben, ändern oder löschen.
- Availability
- Keine — kein Verfügbarkeitseinfluss.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
Mitigation und Workaroundswird übersetzt…
The primary mitigation for CVE-2026-40698 is to upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restricting access to iControl REST and the TMOS shell (tmsh) to only authorized personnel can reduce the attack surface. Review and audit existing SNMP configurations to identify and remove any suspicious or unauthorized objects. Implement strict role-based access controls to limit the number of users with the Resource Administrator role. Monitor iControl REST and tmsh activity for any unusual or unauthorized configuration changes. After upgrading, verify the fix by attempting to create an SNMP configuration object with a non-administrative user account; the attempt should be rejected.
So behebenwird übersetzt…
Actualice a una versión corregida de BIG-IP o BIG-IQ. F5 ha lanzado parches para abordar esta vulnerabilidad. Consulte la documentación de F5 para obtener instrucciones detalladas sobre cómo aplicar las actualizaciones y mitigar el riesgo.
Häufig gestellte Fragenwird übersetzt…
What is CVE-2026-40698 — Privilege Escalation in F5 BIG-IP?
CVE-2026-40698 is a HIGH severity vulnerability affecting F5 BIG-IP and BIG-IQ systems. It allows an authenticated attacker with the Resource Administrator role to escalate privileges by creating malicious SNMP configurations.
Am I affected by CVE-2026-40698 in F5 BIG-IP?
You are affected if you are running F5 BIG-IP or BIG-IQ versions between 16.1.0 and 21.0.0.2. Check your version and upgrade as soon as possible.
How do I fix CVE-2026-40698 in F5 BIG-IP?
Upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. Implement temporary workarounds like restricting access to iControl REST and tmsh if an immediate upgrade is not possible.
Is CVE-2026-40698 being actively exploited?
Currently, there are no reports of active exploitation or public exploits for CVE-2026-40698, but continuous monitoring is recommended.
Where can I find the official F5 advisory for CVE-2026-40698?
Refer to the official F5 security advisory for CVE-2026-40698 on the F5 website (https://www.f5.com/security/center/alerts/all/57486).
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...