CVE-2026-40631: Privilege Escalation in F5 BIG-IP

Successful exploitation of CVE-2026-40631 allows an attacker to gain elevated privileges within the F5 BIG-IP system. This could enable them to modify critical configurations, bypass security controls, and potentially gain complete control of the device. The attacker would need to be authenticated with either the Resource Administrator or Administrator role to exploit this vulnerability. The blast radius extends to any data or services managed by the BIG-IP, including web applications, load balancing configurations, and security policies. Compromise could lead to data breaches, denial of service, or further lateral movement within the network.

1. आरक्षित2026-04-30
2. प्रकाशित2026-05-13

The primary mitigation for CVE-2026-40631 is to upgrade to F5 BIG-IP version 21.0.0.2 or later. If immediate upgrade is not possible, consider implementing stricter access controls to limit the number of users with Resource Administrator or Administrator privileges. Review iControl SOAP access and consider restricting it to only necessary users and systems. Implement Web Application Firewall (WAF) rules to detect and block suspicious iControl SOAP requests. Monitor iControl SOAP logs for unusual activity, specifically looking for configuration modification attempts from unauthorized sources. After upgrade, confirm the fix by attempting to modify a configuration object via iControl SOAP with a lower-privileged account; the modification should be denied.