VDB
GCVE-110-NCSC-2026-162
GCVE-110-NCSC-2026-162
Advisory PublishedCVSS 6.8/10
A directory traversal vulnerability in an undisclosed iControl REST endpoint in Appliance mode may allow an authenticated administrator to bypass security boundaries and delete files.
Weaknesses (CWE)
CWE-416Use After FreeCWE-352Cross-Site Request Forgery (CSRF)CWE-35Path Traversal: '.../...//'CWE-312Cleartext Storage of Sensitive InformationCWE-250Execution with Unnecessary PrivilegesCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-266Incorrect Privilege AssignmentCWE-772Missing Release of Resource after Effective LifetimeCWE-824Access of Uninitialized PointerCWE-272Least Privilege ViolationCWE-252Unchecked Return ValueCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-420Unprotected Alternate ChannelCWE-732Incorrect Permission Assignment for Critical ResourceCWE-131Incorrect Calculation of Buffer SizeCWE-552Files or Directories Accessible to External PartiesCWE-643Improper Neutralization of Data within XPath Expressions ('XPath Injection')CWE-532Insertion of Sensitive Information into Log FileCWE-648Incorrect Use of Privileged APIsCWE-121Stack-based Buffer OverflowCWE-502Deserialization of Untrusted DataCWE-267Privilege Defined With Unsafe ActionsCWE-476NULL Pointer DereferenceCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')
Risk Scores
CVSS 3.1
6.8/10
Medium · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| F5 | vers:unknown/* | — | — |
Aliases
CVE-2026-24464CVE-2026-28758CVE-2026-32643CVE-2026-32673CVE-2026-34176CVE-2026-35062CVE-2026-39455CVE-2026-39458CVE-2026-39459CVE-2026-40060CVE-2026-40061CVE-2026-40067CVE-2026-40423CVE-2026-40435CVE-2026-40462CVE-2026-40618CVE-2026-40629CVE-2026-40631CVE-2026-40698CVE-2026-40699CVE-2026-40703CVE-2026-41217CVE-2026-41218CVE-2026-41219CVE-2026-41225CVE-2026-41227CVE-2026-41953CVE-2026-41954CVE-2026-41956CVE-2026-41957CVE-2026-41959CVE-2026-42058CVE-2026-42063CVE-2026-42406CVE-2026-42408CVE-2026-42409CVE-2026-42780CVE-2026-42781CVE-2026-42919CVE-2026-42920CVE-2026-42924CVE-2026-42930CVE-2026-42937
References
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.