PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-42924 F5 CVE debrief

CVE-2026-42924 is a high-severity vulnerability in F5 BIG-IP products that allows authenticated attackers with the Resource Administrator or Administrator role to create SNMP configuration objects through iControl SOAP, resulting in privilege escalation. The vulnerability has a CVSS score of 8.5 and is considered HIGH. Multiple versions of BIG-IP products are affected, including 16.1.0 through 16.1.6, 17.1.0 through 17.1.3, and 17.5.0 through 17.5.1.

Vendor
F5
Product
BIG-IP
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-13
Original CVE updated
2026-06-18
Advisory published
2026-05-13
Advisory updated
2026-06-18

Who should care

Organizations using F5 BIG-IP products, particularly those with versions 16.1.0 through 16.1.6, 17.1.0 through 17.1.3, and 17.5.0 through 17.5.1, should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and IT professionals responsible for managing and securing BIG-IP products.

Technical summary

The vulnerability exists in the iControl SOAP interface of F5 BIG-IP products, allowing authenticated attackers with specific roles to create SNMP configuration objects. This can lead to privilege escalation, potentially allowing attackers to gain higher-level access to the system. The vulnerability is identified as CWE-78 and has been analyzed and documented by the National Vulnerability Database (NVD).

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by F5 to address the vulnerability.
  • Restrict access to the iControl SOAP interface to only necessary personnel.
  • Monitor system logs for suspicious activity related to SNMP configuration object creation.
  • Implement additional security controls, such as multi-factor authentication, for administrators.
  • Consider compensating controls, such as network segmentation, if patching is not immediately feasible.

Evidence notes

The CVE record was published on 2026-05-13T16:16:49.517Z and has been modified on 2026-06-18T13:55:02.443Z. The NVD entry is currently Analyzed. F5 has provided mitigation guidance through their support article K000160926.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-13T16:16:49.517Z and has not been modified since then. The NVD entry is currently Analyzed.