PT-2026-40654 · F5 · Big-Ip
Published: 2026-05-13 · Updated: 2026-05-17 · CVE-2026-40699
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions prior to 17.1.3.1
F5 BIG-IP versions prior to 17.5.1.4
F5 BIG-IP versions prior to 21.0.0.1
Description
An XPath injection issue exists in undisclosed pages of the Configuration utility. This allows a low-privileged authenticated attacker to access undisclosed sensitive information. XPath injection is a technique where an attacker inserts malicious expressions into an XML query to manipulate the data returned by the application.
Recommendations
Update to version 17.1.3.1 or later.
Update to version 17.5.1.4 or later.
Update to version 21.0.0.1 or later.
Affected Products
Big-Ip