CVE-2026-40698: Privilege Escalation in F5 BIG-IP
Plataforma
linux
Componente
bigip
Corrigido em
21.0.0.2
CVE-2026-40698 describes a privilege escalation vulnerability in F5 BIG-IP and BIG-IQ systems. A highly privileged, authenticated attacker, possessing at least the Resource Administrator role, can leverage this flaw to create malicious SNMP configuration objects. This can lead to unauthorized access and control of the system, potentially compromising sensitive data and system integrity. Affected versions include those between 16.1.0 and 21.0.0.2, with a fix available in version 21.0.0.2.
Impacto e Cenários de Ataquetraduzindo…
The impact of CVE-2026-40698 is significant due to the potential for privilege escalation. An attacker who can successfully exploit this vulnerability can gain control over the BIG-IP or BIG-IQ system, effectively bypassing existing security controls. This could allow them to modify configurations, access sensitive data (such as user credentials, network traffic logs, and application data), and potentially pivot to other systems within the network. The ability to create SNMP configuration objects provides a flexible attack vector, allowing attackers to tailor their actions to achieve specific objectives. Successful exploitation could lead to a complete compromise of the affected system and its associated data, similar to scenarios where attackers leverage misconfigured administrative interfaces to gain control.
Contexto de Exploraçãotraduzindo…
CVE-2026-40698 was published on May 13, 2026. The vulnerability's exploitation probability is currently assessed as medium due to the requirement for authenticated access with a specific role. No public exploits or active campaigns have been reported at the time of writing. The vulnerability is not currently listed on KEV (Known Exploited Vulnerabilities) catalogs. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation activity.
Inteligência de Ameaças
Status do Exploit
CISA SSVC
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Alto — conta de administrador ou privilegiada necessária.
- User Interaction
- Nenhuma — ataque automático e silencioso. A vítima não faz nada.
- Scope
- Alterado — o ataque pode pivotar para além do componente vulnerável.
- Confidentiality
- Alto — perda total de confidencialidade. O atacante pode ler todos os dados.
- Integrity
- Alto — o atacante pode escrever, modificar ou excluir qualquer dado.
- Availability
- Nenhum — sem impacto na disponibilidade.
Software Afetado
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
Mitigação e Soluções Alternativastraduzindo…
The primary mitigation for CVE-2026-40698 is to upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restricting access to iControl REST and the TMOS shell (tmsh) to only authorized personnel can reduce the attack surface. Review and audit existing SNMP configurations to identify and remove any suspicious or unauthorized objects. Implement strict role-based access controls to limit the number of users with the Resource Administrator role. Monitor iControl REST and tmsh activity for any unusual or unauthorized configuration changes. After upgrading, verify the fix by attempting to create an SNMP configuration object with a non-administrative user account; the attempt should be rejected.
Como corrigirtraduzindo…
Actualice a una versión corregida de BIG-IP o BIG-IQ. F5 ha lanzado parches para abordar esta vulnerabilidad. Consulte la documentación de F5 para obtener instrucciones detalladas sobre cómo aplicar las actualizaciones y mitigar el riesgo.
Perguntas frequentestraduzindo…
What is CVE-2026-40698 — Privilege Escalation in F5 BIG-IP?
CVE-2026-40698 is a HIGH severity vulnerability affecting F5 BIG-IP and BIG-IQ systems. It allows an authenticated attacker with the Resource Administrator role to escalate privileges by creating malicious SNMP configurations.
Am I affected by CVE-2026-40698 in F5 BIG-IP?
You are affected if you are running F5 BIG-IP or BIG-IQ versions between 16.1.0 and 21.0.0.2. Check your version and upgrade as soon as possible.
How do I fix CVE-2026-40698 in F5 BIG-IP?
Upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. Implement temporary workarounds like restricting access to iControl REST and tmsh if an immediate upgrade is not possible.
Is CVE-2026-40698 being actively exploited?
Currently, there are no reports of active exploitation or public exploits for CVE-2026-40698, but continuous monitoring is recommended.
Where can I find the official F5 advisory for CVE-2026-40698?
Refer to the official F5 security advisory for CVE-2026-40698 on the F5 website (https://www.f5.com/security/center/alerts/all/57486).
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Experimente agora — sem conta
Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.
Arraste e solte seu arquivo de dependências
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...