PT-2026-40678 · F5 · Big-Ip
Published
2026-05-13
·
Updated
2026-05-17
·
CVE-2026-42930
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions prior to 17.1.3.2
F5 BIG-IP versions prior to 17.5.1.6
F5 BIG-IP versions prior to 21.0.0.2
Description
When operating in Appliance mode, an authenticated attacker with the 'Administrator' role can bypass system restrictions through a path traversal issue. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder by manipulating variables and parameters.
Recommendations
Update F5 BIG-IP to version 17.1.3.2 or later.
Update F5 BIG-IP to version 17.5.1.6 or later.
Update F5 BIG-IP to version 21.0.0.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip