CVE-2026-40698: Privilege Escalation in F5 BIG-IP
Plateforme
linux
Composant
bigip
Corrigé dans
21.0.0.2
CVE-2026-40698 describes a privilege escalation vulnerability in F5 BIG-IP and BIG-IQ systems. A highly privileged, authenticated attacker, possessing at least the Resource Administrator role, can leverage this flaw to create malicious SNMP configuration objects. This can lead to unauthorized access and control of the system, potentially compromising sensitive data and system integrity. Affected versions include those between 16.1.0 and 21.0.0.2, with a fix available in version 21.0.0.2.
Impact et Scénarios d'Attaquetraduction en cours…
The impact of CVE-2026-40698 is significant due to the potential for privilege escalation. An attacker who can successfully exploit this vulnerability can gain control over the BIG-IP or BIG-IQ system, effectively bypassing existing security controls. This could allow them to modify configurations, access sensitive data (such as user credentials, network traffic logs, and application data), and potentially pivot to other systems within the network. The ability to create SNMP configuration objects provides a flexible attack vector, allowing attackers to tailor their actions to achieve specific objectives. Successful exploitation could lead to a complete compromise of the affected system and its associated data, similar to scenarios where attackers leverage misconfigured administrative interfaces to gain control.
Contexte d'Exploitationtraduction en cours…
CVE-2026-40698 was published on May 13, 2026. The vulnerability's exploitation probability is currently assessed as medium due to the requirement for authenticated access with a specific role. No public exploits or active campaigns have been reported at the time of writing. The vulnerability is not currently listed on KEV (Known Exploited Vulnerabilities) catalogs. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation activity.
Renseignement sur les Menaces
Statut de l'Exploit
CISA SSVC
Vecteur CVSS
Que signifient ces métriques?
- Attack Vector
- Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
- Attack Complexity
- Faible — aucune condition spéciale requise. Exploitable de manière fiable.
- Privileges Required
- Élevé — un compte administrateur ou privilégié est requis.
- User Interaction
- Aucune — attaque automatique et silencieuse. La victime ne fait rien.
- Scope
- Modifié — l'attaque peut pivoter au-delà du composant vulnérable.
- Confidentiality
- Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
- Integrity
- Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
- Availability
- Aucun — aucun impact sur la disponibilité.
Logiciel Affecté
Classification de Faiblesse (CWE)
Chronologie
- Réservé
- Publiée
Mitigation et Contournementstraduction en cours…
The primary mitigation for CVE-2026-40698 is to upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restricting access to iControl REST and the TMOS shell (tmsh) to only authorized personnel can reduce the attack surface. Review and audit existing SNMP configurations to identify and remove any suspicious or unauthorized objects. Implement strict role-based access controls to limit the number of users with the Resource Administrator role. Monitor iControl REST and tmsh activity for any unusual or unauthorized configuration changes. After upgrading, verify the fix by attempting to create an SNMP configuration object with a non-administrative user account; the attempt should be rejected.
Comment corrigertraduction en cours…
Actualice a una versión corregida de BIG-IP o BIG-IQ. F5 ha lanzado parches para abordar esta vulnerabilidad. Consulte la documentación de F5 para obtener instrucciones detalladas sobre cómo aplicar las actualizaciones y mitigar el riesgo.
Questions fréquentestraduction en cours…
What is CVE-2026-40698 — Privilege Escalation in F5 BIG-IP?
CVE-2026-40698 is a HIGH severity vulnerability affecting F5 BIG-IP and BIG-IQ systems. It allows an authenticated attacker with the Resource Administrator role to escalate privileges by creating malicious SNMP configurations.
Am I affected by CVE-2026-40698 in F5 BIG-IP?
You are affected if you are running F5 BIG-IP or BIG-IQ versions between 16.1.0 and 21.0.0.2. Check your version and upgrade as soon as possible.
How do I fix CVE-2026-40698 in F5 BIG-IP?
Upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. Implement temporary workarounds like restricting access to iControl REST and tmsh if an immediate upgrade is not possible.
Is CVE-2026-40698 being actively exploited?
Currently, there are no reports of active exploitation or public exploits for CVE-2026-40698, but continuous monitoring is recommended.
Where can I find the official F5 advisory for CVE-2026-40698?
Refer to the official F5 security advisory for CVE-2026-40698 on the F5 website (https://www.f5.com/security/center/alerts/all/57486).
Ton projet est-il affecté ?
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Essayez maintenant — sans compte
scanZone.subtitle
Glissez-déposez votre fichier de dépendances
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...