VDB
CVE-2026-41954
CVE-2026-41954
PUBLISHED
CVSS 4.900000095367432 MEDIUM
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
EPSS 0.07% · 21.5th percentile
Risk Scores
CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.07%
21.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IQ | 8.4.0 |
| F5 | BIG-IP | 21.1.0, 17.5.0, 16.1.0 |
Timeline
- May 13, 2026 CVE Published
- May 13, 2026 CVE Updated
- May 15, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- https://my.f5.com/manage/s/article/K32950402 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-41954 advisory