PT-2026-40670 · F5 · Big-Ip

Published

2026-05-13

Updated

2026-05-17

CVE-2026-42408

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4

Description When BIG-IP DNS is provisioned, a flaw in an undisclosed TMOS Shell (tmsh) command may allow a highly privileged authenticated attacker to view sensitive information. This issue involves the cleartext storage of data within an unknown function.

Recommendations Update to version 17.1.3.1 or later. Update to version 17.5.1.4 or later.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2026-42408

Affected Products

Big-Ip

PT-2026-40670 · F5 · Big-Ip

CVE-2026-42408

Weakness Enumeration

Related Identifiers

Affected Products

References · 3