VDB

CVE-2026-41954

CVE-2026-41954 PUBLISHED CVSS 4.900000095367432 MEDIUM

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

EPSS 0.07% · 21.5th percentile

Risk Scores

CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.07%
21.5th percentile

Affected Products

VendorProductVersions
F5BIG-IQ8.4.0
F5BIG-IP21.1.0, 17.5.0, 16.1.0

Timeline

  • May 13, 2026 CVE Published
  • May 13, 2026 CVE Updated
  • May 15, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›