PatchSiren cyber security CVE debrief

CVE-2026-41957 F5 CVE debrief

CVE-2026-41957 is an authenticated remote code execution vulnerability in the BIG-IP and BIG-IQ Configuration utility. Defenders should assess exposure given the high CVSS score of 8.7 and the wide range of affected products. This vulnerability was made public on May 13, 2026, and last modified on June 23, 2026. The priority for defenders is to review and apply mitigations: the severity is high, and the authentication requirement narrows the pool of potential attackers but does not remove the risk.

Vendor: F5
Product: BIG-IP
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-13
Original CVE updated: 2026-06-23
Advisory published: 2026-05-13
Advisory updated: 2026-06-23

Who should care

Organizations using F5 BIG-IP and BIG-IQ products, especially versions 16.1.0 through 17.1.3 and 17.5.0 through 17.5.1, should assess their exposure and apply necessary mitigations. This includes reviewing current configurations, ensuring proper authentication measures are in place, and closely monitoring network activity for suspicious behavior.

Technical summary

The vulnerability exists in the BIG-IP and BIG-IQ Configuration utility and allows authenticated remote code execution. Multiple versions of various BIG-IP products are affected, including BIG-IP Access Policy Manager, Advanced Firewall Manager, Advanced Web Application Firewall, and others. The CVSS base score is 8.7, classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. In that vector, PR:L means a low-privileged account is sufficient, AV:N/AC:L/AT:N means the flaw is reachable over the network with no special conditions, and VC:H/VI:H/VA:H means full impact on the confidentiality, integrity and availability of the vulnerable system; the components marked X are not defined.

Defensive priority

High priority due to the high CVSS score and the fact that only low-privileged authenticated access (PR:L in the vector) is required to reach code execution.

Recommended defensive actions

  • Review and apply vendor-provided mitigations and patches.
  • Inventory BIG-IP and BIG-IQ systems to identify exposure.
  • Limit exposure by ensuring proper authentication and access controls are in place.
  • Monitor network activity for suspicious behavior.
  • Review current configurations and ensure they align with security best practices.
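To support the inventory step above, here is an added example (not PatchSiren's or F5's code) that flags inventory entries whose version falls inside the affected ranges this debrief lists, 16.1.0 through 17.1.3 and 17.5.0 through 17.5.1. The inventory lines and hostnames are constructed sample data, and the ranges should be re-checked against the vendor advisory before acting on the output.

```python
"""Flag BIG-IP/BIG-IQ inventory entries in the version ranges the debrief
lists as affected for CVE-2026-41957. Sample inventory is constructed."""
from typing import List, Tuple

# Affected ranges as stated in the debrief; both endpoints are inclusive.
# Verify against the vendor advisory before relying on these.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("16.1.0", "17.1.3"),
    ("17.5.0", "17.5.1"),
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'major.minor.point[.hotfix]' into a comparable 3-tuple.

    Hotfix digits beyond the third component are dropped, so 17.1.3.x is
    treated as 17.1.3 (conservative: the debrief says 'through 17.1.3').
    A non-numeric component raises ValueError rather than being ignored."""
    parts = [int(p) for p in version.strip().split(".")[:3]]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the version lies inside any affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


# Constructed inventory: "hostname,product,version" per line.
SAMPLE_INVENTORY = """\
lb-edge-01,BIG-IP,16.0.1
lb-edge-02,BIG-IP,17.1.3
lb-core-01,BIG-IP,17.5.0
lb-core-02,BIG-IP,17.5.2
lb-dmz-01,BIG-IP,17.2.0
mgmt-01,BIG-IQ,17.1.0
mgmt-02,BIG-IQ,15.1.10
"""


def triage(inventory: str) -> List[Tuple[str, str, str]]:
    """Return (host, product, version) for every entry in an affected range."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, product, version = (f.strip() for f in line.split(","))
        if is_affected(version):
            hits.append((host, product, version))
    return hits


if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"EXPOSED: {host} {product} {version}")
```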

Evidence notes

The primary evidence for this vulnerability comes from the CVE record and NVD detail pages. The CVE was published on May 13, 2026, and last modified on June 23, 2026. Multiple CPE criteria indicate a wide range of BIG-IP and BIG-IQ products are affected, including versions 16.1.0 through 17.1.3 and 17.5.0 through 17.5.1. Defenders should verify the affected products and versions from official sources.

Official resources

This article was generated with AI assistance based on the supplied source corpus and is intended for informational purposes only. It is not a substitute for professional advice or official documentation.