F5 BIG-IP and BIG-IQ iControl SOAP Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in the iControl SOAP interface of F5 BIG-IP and BIG-IQ products, allowing authenticated users to potentially access information from other accounts. This issue is limited to the control plane and does not affect the data plane. The vulnerability is present in specific versions of BIG-IP and BIG-IQ that have not reached the End of Technical Support (EoTS) phase.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure between user accounts on the affected system.

Remediation

For BIG-IP, upgrade to version 21.0.0.1 or 17.5.1.4, or to 17.1.3.1 for 17.1.x releases. For BIG-IQ, no specific version is available; consult the F5 product and services lifecycle policy index for guidance.

Added: May 13, 2026, 6:37 PM
Updated: May 13, 2026, 6:37 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 5.4
remediation: 7.9
relevance: 7.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.