Scan free
Pending AnalysisCVE-2026-42930

CVE-2026-42930: Authentication Bypass in F5 BIG-IP

Platform

linux

Component

bigip

Fixed in

21.0.0.2

View on NVD
Save

CVE-2026-42930 describes an authentication bypass vulnerability in F5 BIG-IP when operating in Appliance mode. An authenticated administrator with the 'Administrator' role can circumvent restrictions, allowing them to perform actions they shouldn't be able to. This vulnerability impacts versions 16.1.0 through 21.0.0.2; a fix is available in version 21.0.0.2.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-42930 allows an authenticated administrator to bypass Appliance mode restrictions within the F5 BIG-IP system. This effectively grants them elevated privileges and the ability to modify configurations or access sensitive data beyond their intended scope. The attacker could potentially gain full control of the BIG-IP system, leading to data breaches, service disruption, or further compromise of the network. The blast radius extends to any systems or services relying on the BIG-IP for load balancing, security, or application delivery.

Exploitation Context

CVE-2026-42930 was published on May 13, 2026. Severity is rated HIGH with a CVSS score of 8.7. Public proof-of-concept (POC) code is currently unavailable. The vulnerability is not listed on CISA KEV as of this writing. Exploitation probability is considered medium, given the requirement for authenticated access but the potential for significant impact.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

CISA SSVC

Exploitationnone
Automatableno
Technical Impacttotal

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N8.7HIGHAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredHighAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeChangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityHighRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
High — admin or privileged account required to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentbigip
VendorF5
Minimum version16.1.0
Maximum version21.0.0.2
Fixed in21.0.0.2

Weakness Classification (CWE)

CWE-35

Timeline

  1. Reserved
  2. Published

Mitigation and Workarounds

The primary mitigation for CVE-2026-42930 is to upgrade to F5 BIG-IP version 21.0.0.2 or later, which contains the fix. If immediate upgrade is not possible, consider implementing stricter role-based access controls within BIG-IP to limit the privileges of the 'Administrator' role. Review existing configurations to identify any potential misconfigurations that could exacerbate the impact of this vulnerability. Monitor BIG-IP logs for any suspicious activity related to administrator accounts. After upgrade, confirm the fix by verifying that Appliance mode restrictions are properly enforced for the 'Administrator' role.

How to fix

Actualice su sistema BIG-IP a una versión corregida. F5 ha publicado parches para abordar esta vulnerabilidad. Consulte la nota de seguridad K000160876 en el sitio web de F5 para obtener instrucciones detalladas sobre cómo aplicar las actualizaciones.

Frequently asked questions

What is CVE-2026-42930 — Authentication Bypass in F5 BIG-IP?

CVE-2026-42930 is a HIGH severity vulnerability affecting F5 BIG-IP versions 16.1.0–21.0.0.2. It allows an authenticated administrator to bypass Appliance mode restrictions, potentially granting unauthorized access.

Am I affected by CVE-2026-42930 in F5 BIG-IP?

If you are running F5 BIG-IP in Appliance mode and are using versions 16.1.0 through 21.0.0.2, you are potentially affected by this vulnerability. Check your version immediately.

How do I fix CVE-2026-42930 in F5 BIG-IP?

Upgrade to F5 BIG-IP version 21.0.0.2 or later to resolve this vulnerability. If immediate upgrade isn't possible, implement stricter role-based access controls.

Is CVE-2026-42930 being actively exploited?

As of the current date, there are no confirmed reports of active exploitation of CVE-2026-42930 in the wild, but the potential for exploitation exists.

Where can I find the official F5 advisory for CVE-2026-42930?

Refer to the official F5 security advisory for CVE-2026-42930 on the F5 website: [https://www.f5.com/security/center/advisory/f5-security-advisory-42930](https://www.f5.com/security/center/advisory/f5-security-advisory-42930)

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs
livefree scan

Try it now — no account

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

Manual scanSlack/email alertsContinuous monitoringWhite-label reports

Drag & drop your dependency file

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...