PatchSiren cyber security CVE debrief
CVE-2026-40698 F5 CVE debrief
CVE-2026-40698 is a high-severity vulnerability in BIG-IP and BIG-IQ. An authenticated attacker holding at least the Resource Administrator role, a role that already carries broad configuration rights, can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) and thereby escalate privileges further. The vulnerability carries a CVSS score of 8.5 (HIGH). Multiple versions of BIG-IP and BIG-IQ are affected; versions that have reached End of Technical Support (EoTS) were not evaluated by F5, so their status is unknown rather than confirmed safe. F5 has published mitigation guidance for affected systems.
- Vendor: F5
- Product: BIG-IP and BIG-IQ
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-13
- Original CVE updated: 2026-06-29
- Advisory published: 2026-05-13
- Advisory updated: 2026-06-29
Who should care
Organizations running BIG-IP or BIG-IQ should prioritize patching, especially where accounts with highly privileged roles exist. Exploitation requires a valid login with at least the Resource Administrator role, so the realistic threat is an insider, a contractor with a delegated admin role, or an attacker who has already phished or otherwise taken over such an account; the bug then lets that account escalate beyond the limits of its assigned role. Security teams should inventory every BIG-IP and BIG-IQ instance, including those deployed in cloud environments, confirm the running version against the affected list, and patch or apply F5's mitigation to each affected system.
Technical summary
The flaw lies in how BIG-IP and BIG-IQ handle the creation of SNMP configuration objects. Both supported management paths expose it: the iControl REST API and the TMOS shell (tmsh). An authenticated user with at least the Resource Administrator role can use either path to create SNMP configuration objects in a way that results in privilege escalation. The source material gives the CVSS score (8.5, HIGH) but not the full vector, and it does not describe which SNMP object or field triggers the escalation or what privilege level is reached, so no detail beyond that is asserted here. The vulnerability is tracked as CVE-2026-40698 and affects multiple versions of BIG-IP and BIG-IQ. Versions that have reached End of Technical Support (EoTS) were not evaluated, which means they have no confirmed status in either direction.
Defensive priority
Patching is the primary recommended action for CVE-2026-40698. Organizations should prioritize affected BIG-IP and BIG-IQ systems, starting with those that have the largest number of accounts holding Resource Administrator or higher. Where a patch cannot be applied immediately, defenders can reduce the attack surface by restricting network access to the iControl REST and tmsh management paths to trusted management networks only; this does not remove the vulnerability, it only limits who can reach the interfaces that expose it.
Recommended defensive actions
- Apply the fixed versions or the mitigation published by F5 for each affected BIG-IP and BIG-IQ system.
- Restrict network access to the management interfaces that expose iControl REST and tmsh (the HTTPS management port and SSH) to trusted management networks; keep management traffic off self-IPs facing untrusted networks.
- Monitor the audit log (on BIG-IP, /var/log/audit records tmsh commands) for creation or modification of SNMP configuration objects by accounts that have no operational reason to touch SNMP, and alert on any such change until the system is patched.
- Review which accounts hold the Resource Administrator or Administrator role, remove the role from accounts that do not need it, and prefer narrower roles such as Operator or Guest for read-only use.
- Require multi-factor authentication for accounts with elevated roles, for example by fronting management access with an MFA-enforcing remote authentication source, so that a stolen password alone is not enough to reach the vulnerable code path.
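The two review steps above (find the accounts whose role is sufficient to reach this bug, and pick out SNMP configuration changes by those accounts from the audit log) can be run offline against exported data. The script below is an added example written for this debrief; it is not from the PatchSiren page and not F5 code. It assumes the user listing approximates what `tmsh list auth user all-properties` prints and that audit lines approximate the `AUDIT - pid=... user=... cmd_data=...` records tmsh writes to /var/log/audit; both samples are constructed, not captured from a device, and the regular expressions are written for that assumed format.

```python
"""Added example (not from the PatchSiren page or from F5): offline checks for
the two review steps recommended for CVE-2026-40698.

Assumptions, labelled as such: the user listing approximates the output of
`tmsh list auth user all-properties`; the audit lines approximate the
`AUDIT - pid=... user=... cmd_data=...` records tmsh writes to /var/log/audit.
All sample data below is constructed, not captured from a real system.
"""
import re

# Roles the advisory says are sufficient: Resource Administrator and above.
# Names as tmsh prints them (assumption: "admin" and "resource-admin").
HIGH_PRIV_ROLES = {"admin", "resource-admin"}

# Constructed user listing in tmsh's block syntax.
SAMPLE_USER_LISTING = """\
auth user admin {
    description "Admin User"
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user netops {
    description netops
    partition-access {
        all-partitions {
            role resource-admin
        }
    }
    shell tmsh
}
auth user viewer {
    description viewer
    partition-access {
        all-partitions {
            role guest
        }
    }
    shell none
}
"""

# Constructed audit lines. Only the first one is an SNMP write by a
# highly privileged account; the rest are there to show what is ignored.
SAMPLE_AUDIT_LINES = [
    "May 14 09:12:01 bigip1 notice tmsh[20583]: 01420002:5: AUDIT - pid=20583 "
    "user=netops folder=/Common module=(tmos)# status=[Command OK] "
    "cmd_data=modify sys snmp communities add { comm1 { community-name public } }",
    "May 14 09:13:44 bigip1 notice tmsh[20590]: 01420002:5: AUDIT - pid=20590 "
    "user=viewer folder=/Common module=(tmos)# status=[Command OK] "
    "cmd_data=list sys snmp",
    "May 14 09:15:10 bigip1 notice tmsh[20601]: 01420002:5: AUDIT - pid=20601 "
    "user=admin folder=/Common module=(tmos)# status=[Command OK] "
    "cmd_data=create ltm pool p1 { members add { 10.0.0.1:80 } }",
    "May 14 09:16:00 bigip1 info sshd[1200]: Accepted publickey for netops",
]

# One tmsh audit record: pid, user, folder, command status and the command.
AUDIT_RE = re.compile(
    r"AUDIT - pid=(?P<pid>\d+) user=(?P<user>\S+) folder=(?P<folder>\S+) "
    r"module=\S+ status=\[(?P<status>[^\]]*)\] cmd_data=(?P<cmd>.*)$"
)
# A write to the SNMP configuration. "modify ... add" is how tmsh adds
# sub-objects such as communities, so modify is flagged alongside create.
SNMP_WRITE_RE = re.compile(r"^(create|modify)\s+/?sys\s+snmp\b")


def parse_users(listing):
    """Map user name -> set of roles found in the user's block."""
    users = {}
    for m in re.finditer(r"^auth user (\S+) \{\n(.*?)^\}", listing, re.S | re.M):
        users[m.group(1)] = set(re.findall(r"\brole (\S+)", m.group(2)))
    return users


def high_priv_users(listing):
    """Sorted names of users holding a role sufficient to reach the bug."""
    return sorted(u for u, roles in parse_users(listing).items()
                  if roles & HIGH_PRIV_ROLES)


def parse_audit_line(line):
    """Return the audit record as a dict, or None for non-audit lines."""
    m = AUDIT_RE.search(line)
    return m.groupdict() if m else None


def flag_snmp_changes(lines, privileged_users):
    """Audit records where a privileged user wrote to the SNMP configuration."""
    hits = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec and rec["user"] in privileged_users and SNMP_WRITE_RE.match(rec["cmd"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    privileged = high_priv_users(SAMPLE_USER_LISTING)
    print("highly privileged users:", privileged)
    for rec in flag_snmp_changes(SAMPLE_AUDIT_LINES, set(privileged)):
        print(f"review: user={rec['user']} pid={rec['pid']} cmd={rec['cmd']}")
```

A hit is a change to review, not proof of exploitation: the advisory does not say which SNMP object triggers the escalation, so the script flags every SNMP write by a privileged account and leaves the judgement to the reviewer. Changes made through iControl REST are also audited on BIG-IP, but the record format differs from the tmsh lines assumed here, so the regex would need adjusting before pointing it at real REST audit entries.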
Evidence notes
CVE-2026-40698 is documented in the official CVE record and on the NVD detail page, and F5 has published mitigation guidance for affected systems. The stored evidence lists multiple affected versions of BIG-IP and BIG-IQ; versions that have reached End of Technical Support (EoTS) were not evaluated by F5 and therefore appear in neither the affected nor the fixed list. The stored evidence does not include a CISA KEV entry for this CVE.
Official resources
- CVE-2026-40698 CVE record (CVE.org)
- CVE-2026-40698 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Mitigation, Vendor Advisory)
This article was AI-assisted and based on supplied source corpus.