PatchSiren cyber security CVE debrief

CVE-2026-40061 F5 CVE debrief

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command in BIG-IP DNS, which allows an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. This vulnerability has a CVSS score of 8.5 and is considered HIGH severity. Software versions that have reached End of Technical Support (EoTS) are not evaluated.

Vendor: F5
Product: BIG-IP
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-13
Original CVE updated: 2026-06-29
Advisory published: 2026-05-13
Advisory updated: 2026-06-29

Who should care

Organizations running BIG-IP DNS, especially in Appliance mode deployments, are the affected audience. An attacker who already holds an authenticated account with the Resource Administrator or Administrator role could use this vulnerability to execute system commands with elevated privileges, potentially gaining unauthorized access to and control of the underlying system.

Technical summary

The flaw lies in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command in BIG-IP DNS. An authenticated attacker holding the Resource Administrator or Administrator role can use it to execute arbitrary system commands with higher privileges than the role is meant to grant; in Appliance mode deployments this crosses the security boundary that mode is designed to enforce. The CVSS 4.0 vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The PR:H component reflects the requirement for a high-privilege (Administrator or Resource Administrator) account, while AV:N indicates the command is reachable over the network through the management interfaces.

Defensive priority

This HIGH-severity vulnerability warrants immediate attention. Organizations should prioritize applying the F5 fix or, where that is not yet possible, putting mitigations in place so that the prerequisite privileged access cannot be obtained or abused.

Recommended defensive actions

  • Apply the patches or updates provided by F5 for the affected BIG-IP DNS versions.
  • Implement compensating controls that restrict and monitor access to the BIG-IP management plane (iControl REST and tmsh), for example by limiting it to trusted management networks.
  • Conduct a thorough inventory to identify every BIG-IP DNS system, including Appliance mode deployments, and confirm each is updated.
  • Enforce strict role-based access control and review which accounts hold the Resource Administrator or Administrator role, since those roles are the prerequisite for exploitation.
  • Monitor system and audit logs for unexpected iControl REST calls or tmsh commands issued by privileged accounts, and for other suspicious behavior.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its severity, and affected versions. F5 has provided mitigation and vendor advisory information. The vulnerability is considered HIGH severity with a CVSS score of 8.5.

This article is AI-assisted and based on the supplied source corpus.