Escanear gratis
Análisis pendienteCVE-2026-40698

CVE-2026-40698: Privilege Escalation in F5 BIG-IP

Plataforma

linux

Componente

bigip

Corregido en

21.0.0.2

Ver en NVD
Guardar

CVE-2026-40698 describes a privilege escalation vulnerability in F5 BIG-IP and BIG-IQ systems. A highly privileged, authenticated attacker, possessing at least the Resource Administrator role, can leverage this flaw to create malicious SNMP configuration objects. This can lead to unauthorized access and control of the system, potentially compromising sensitive data and system integrity. Affected versions include those between 16.1.0 and 21.0.0.2, with a fix available in version 21.0.0.2.

Impacto y Escenarios de Ataquetraduciendo…

The impact of CVE-2026-40698 is significant due to the potential for privilege escalation. An attacker who can successfully exploit this vulnerability can gain control over the BIG-IP or BIG-IQ system, effectively bypassing existing security controls. This could allow them to modify configurations, access sensitive data (such as user credentials, network traffic logs, and application data), and potentially pivot to other systems within the network. The ability to create SNMP configuration objects provides a flexible attack vector, allowing attackers to tailor their actions to achieve specific objectives. Successful exploitation could lead to a complete compromise of the affected system and its associated data, similar to scenarios where attackers leverage misconfigured administrative interfaces to gain control.

Contexto de Explotacióntraduciendo…

CVE-2026-40698 was published on May 13, 2026. The vulnerability's exploitation probability is currently assessed as medium due to the requirement for authenticated access with a specific role. No public exploits or active campaigns have been reported at the time of writing. The vulnerability is not currently listed on KEV (Known Exploited Vulnerabilities) catalogs. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation activity.

Inteligencia de Amenazas

Estado del Exploit

Prueba de ConceptoDesconocido
CISA KEVNO
Exposición en InternetAlta

CISA SSVC

Explotaciónnone
Automatizableno
Impacto Técnicototal

Vector CVSS

INTELIGENCIA DE AMENAZAS· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N8.7HIGHAttack VectorNetworkCómo el atacante alcanza el objetivoAttack ComplexityLowCondiciones necesarias para explotarPrivileges RequiredHighNivel de autenticación requeridoUser InteractionNoneSi la víctima debe realizar una acciónScopeChangedImpacto más allá del componente afectadoConfidentialityHighRiesgo de exposición de datos sensiblesIntegrityHighRiesgo de modificación no autorizada de datosAvailabilityNoneRiesgo de interrupción del servicionextguardhq.com · Puntuación Base CVSS v3.1
¿Qué significan estas métricas?
Attack Vector
Red — explotable remotamente por internet. Sin acceso físico ni local. Mayor superficie de ataque.
Attack Complexity
Baja — sin condiciones especiales. El atacante puede explotar de forma confiable sin configuraciones raras.
Privileges Required
Alto — se requiere cuenta de administrador o privilegiada.
User Interaction
Ninguna — el ataque es automático y silencioso. La víctima no hace nada.
Scope
Cambiado — el ataque puede pivotar a otros sistemas más allá del componente vulnerable.
Confidentiality
Alto — pérdida total de confidencialidad. El atacante puede leer todos los datos.
Integrity
Alto — el atacante puede escribir, modificar o eliminar cualquier dato.
Availability
Ninguno — sin impacto en disponibilidad.

Software Afectado

Componentebigip
ProveedorF5
Versión mínima16.1.0
Versión máxima21.0.0.2
Corregido en21.0.0.2

Clasificación de Debilidad (CWE)

CWE-77

Cronología

  1. Reservado
  2. Publicada

Mitigación y Workaroundstraduciendo…

The primary mitigation for CVE-2026-40698 is to upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restricting access to iControl REST and the TMOS shell (tmsh) to only authorized personnel can reduce the attack surface. Review and audit existing SNMP configurations to identify and remove any suspicious or unauthorized objects. Implement strict role-based access controls to limit the number of users with the Resource Administrator role. Monitor iControl REST and tmsh activity for any unusual or unauthorized configuration changes. After upgrading, verify the fix by attempting to create an SNMP configuration object with a non-administrative user account; the attempt should be rejected.

Cómo corregirlotraduciendo…

Actualice a una versión corregida de BIG-IP o BIG-IQ. F5 ha lanzado parches para abordar esta vulnerabilidad. Consulte la documentación de F5 para obtener instrucciones detalladas sobre cómo aplicar las actualizaciones y mitigar el riesgo.

Preguntas frecuentestraduciendo…

What is CVE-2026-40698 — Privilege Escalation in F5 BIG-IP?

CVE-2026-40698 is a HIGH severity vulnerability affecting F5 BIG-IP and BIG-IQ systems. It allows an authenticated attacker with the Resource Administrator role to escalate privileges by creating malicious SNMP configurations.

Am I affected by CVE-2026-40698 in F5 BIG-IP?

You are affected if you are running F5 BIG-IP or BIG-IQ versions between 16.1.0 and 21.0.0.2. Check your version and upgrade as soon as possible.

How do I fix CVE-2026-40698 in F5 BIG-IP?

Upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. Implement temporary workarounds like restricting access to iControl REST and tmsh if an immediate upgrade is not possible.

Is CVE-2026-40698 being actively exploited?

Currently, there are no reports of active exploitation or public exploits for CVE-2026-40698, but continuous monitoring is recommended.

Where can I find the official F5 advisory for CVE-2026-40698?

Refer to the official F5 security advisory for CVE-2026-40698 on the F5 website (https://www.f5.com/security/center/alerts/all/57486).

¿Tu proyecto está afectado?

Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.

Escanear gratisBuscar CVEs
liveescaneo gratuito

Pruébalo ahora — sin cuenta

Sube cualquier manifiesto (composer.lock, package-lock.json, lista de plugins WordPress…) o pega tu lista de componentes. Recibís un reporte de vulnerabilidades al instante. Subir un archivo es solo el primer paso: con una cuenta tenés monitoreo continuo, alertas en tu canal, multi-proyecto y reportes white-label.

Escaneo manualAlertas en Slack/emailMonitoreo continuoReportes white-label

Arrastra y suelta tu archivo de dependencias

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...