
CVE-2026-41957: RCE in F5 BIG-IP Configuration Utility

Platform: linux

Component: bigip

Fixed in: 17.5.1.4

CVE-2026-41957 describes a remote code execution (RCE) vulnerability discovered in the F5 BIG-IP and BIG-IQ Configuration utility. This vulnerability allows an authenticated attacker to execute arbitrary code on the affected system. Versions 16.1.0 through 17.5.1.4 are affected, and a patch is available in version 17.5.1.4.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-41957 could allow an attacker to gain complete control over the affected BIG-IP or BIG-IQ system. This includes the ability to modify system configurations, steal sensitive data (such as user credentials, SSL certificates, and network configurations), and potentially pivot to other systems within the network. Given the critical role BIG-IP often plays in network infrastructure, a compromise could have a significant impact on the availability and integrity of services. The undisclosed nature of the vectors makes it difficult to predict the exact attack surface, but the RCE nature of the vulnerability suggests a high potential for severe consequences.

Exploitation Context

CVE-2026-41957 was published on May 13, 2026. The vulnerability's severity is rated HIGH (CVSS 8.8). The undisclosed nature of the attack vectors means that public exploits are currently unavailable, but the RCE nature of the vulnerability suggests a potential for exploitation once the vectors are discovered. Monitor security advisories and threat intelligence feeds for any updates regarding active exploitation campaigns.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: NO
Internet Exposure: High

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base score: 8.8 (HIGH)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: Low (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

Source: nextguardhq.com, CVSS v3.1 Base Score

What do these metrics mean?

Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity: High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability: High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: bigip
Vendor: F5
Minimum version: 16.1.0
Maximum version: 17.5.1.4
Fixed in: 17.5.1.4

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published

Mitigation and Workarounds

The primary mitigation for CVE-2026-41957 is to upgrade to version 17.5.1.4 or later. If immediate upgrading is not possible, consider implementing network segmentation to limit the potential blast radius of a successful attack. While specific WAF rules are not readily available due to the undisclosed vectors, general RCE protection rules may offer some limited protection. Regularly review BIG-IP configurations for any unusual or unauthorized changes. After upgrading, verify the integrity of the system by checking for any unexpected processes or modified files.
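The "check your version" step above is easy to get wrong when versions have four dotted components and the affected range is compared as text. The following Python script is an added example, not code from the page or from F5: it compares a BIG-IP version against the range stated here (16.1.0 through 17.5.1.4, fixed in 17.5.1.4) using numeric tuple comparison, and extracts the version number from text shaped like `tmsh show sys version` output. The tmsh line layout and the sample output are assumptions constructed for the example; because the page lists 17.5.1.4 both as the top of the affected range and as the fixed version, the script treats the fixed version as remediated, which you should confirm against F5's advisory.

```python
import re

# Version bounds exactly as stated on this advisory page.
AFFECTED_MIN = "16.1.0"
AFFECTED_MAX = "17.5.1.4"
FIXED_IN = "17.5.1.4"


def parse_version(text):
    """Turn a dotted numeric version such as '17.1.1.3' into a 4-tuple of
    ints, zero-padding short forms so '17.1' becomes (17, 1, 0, 0).
    Comparing tuples avoids the classic string-compare bug where
    '17.10' sorts before '17.5'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts][:4]
    return tuple(nums + [0] * (4 - len(nums)))


def assess(version):
    """Classify a BIG-IP version against the page's range.

    Returns 'fixed', 'affected' or 'not_affected'. The fixed version is
    treated as remediated even though the page also lists it as the top
    of the affected range (assumption; confirm against F5's advisory)."""
    v = parse_version(version)
    if v >= parse_version(FIXED_IN):
        return "fixed"
    if parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX):
        return "affected"
    return "not_affected"


# Matches a line such as '  Version     16.1.3.3' (assumed tmsh layout).
_TMSH_VERSION = re.compile(r"^\s*Version\s+(\d+(?:\.\d+)+)\s*$", re.MULTILINE)


def version_from_tmsh(output):
    """Pull the version number out of `tmsh show sys version` text.
    The line layout assumed here is modelled on that command's output;
    verify it against your own appliance before relying on it."""
    m = _TMSH_VERSION.search(output)
    if not m:
        raise ValueError("no Version line found in tmsh output")
    return m.group(1)


# Constructed sample shaped like `tmsh show sys version`; not captured
# from a real device.
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3.3
  Build       0.0.3
  Edition     Point Release 3
"""


if __name__ == "__main__":
    for candidate in ("15.1.10", "16.1.0", "17.1.1.3", "17.5.1.4", "17.5.2"):
        print(f"{candidate:>10}: {assess(candidate)}")
    found = version_from_tmsh(SAMPLE_TMSH_OUTPUT)
    print(f"tmsh sample reports {found}: {assess(found)}")
```

Feed `version_from_tmsh` the real command output saved from each appliance and route any `affected` result into your patch tracking; the numeric comparison is the part worth keeping even if you later swap in F5's own version list.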

How to fix

F5 recommends applying the security updates provided in the corresponding security advisory (K000156761). These updates correct the remote code execution vulnerability. Consult the F5 documentation for detailed instructions on how to apply the updates.

Frequently asked questions

What is CVE-2026-41957 — RCE in F5 BIG-IP?

CVE-2026-41957 is a remote code execution vulnerability affecting F5 BIG-IP and BIG-IQ Configuration utility versions 16.1.0 through 17.5.1.4. An authenticated attacker can execute arbitrary code.

Am I affected by CVE-2026-41957 in F5 BIG-IP?

You are affected if you are running F5 BIG-IP or BIG-IQ Configuration utility versions 16.1.0 through 17.5.1.4. Check your version immediately.

How do I fix CVE-2026-41957 in F5 BIG-IP?

Upgrade to version 17.5.1.4 or later to remediate the vulnerability. If immediate upgrade is not possible, implement network segmentation.

Is CVE-2026-41957 being actively exploited?

Currently, there are no publicly known exploits, but the RCE nature of the vulnerability suggests a potential for exploitation once the vectors are discovered.

Where can I find the official F5 advisory for CVE-2026-41957?

Refer to the official F5 Security Advisory for CVE-2026-41957 on the F5 website: [https://www.f5.com/security/center/advisory/f5-security-advisory-41957](https://www.f5.com/security/center/advisory/f5-security-advisory-41957)
