PT-2026-40667 · F5 · Big-Ip

Published

2026-05-13

Updated

2026-05-17

CVE-2026-42058

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2

Description An authenticated attacker can send undisclosed requests to the 'iControl REST' endpoint, which may result in an information leak of local user account names.

Recommendations Update to version 17.1.3.2 or later. Update to version 17.5.1.6 or later. Update to version 21.0.0.2 or later.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2026-42058

Affected Products

Big-Ip

PT-2026-40667 · F5 · Big-Ip

CVE-2026-42058

Weakness Enumeration

Related Identifiers

Affected Products

References · 3