F5 BIG-IP Improper Sanitization Vulnerability in QKView Utility Allowing Sensitive Information Disclosure

Vulnerability

A vulnerability has been identified in the F5 BIG-IP QKView utility, where improper sanitization allows a low-privileged attacker to access sensitive information from a QKView file. This issue affects multiple BIG-IP branches, specifically versions 17.5.0 to 17.5.1, 17.1.0 to 17.1.3, and 16.1.0 to 16.1.6. Notably, F5 BIG-IQ Centralized Management version 8.4.0 is also vulnerable.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information contained within QKView files.

Remediation

Users can upgrade to BIG-IP versions 17.5.1.4 or 17.1.3.1 to address this vulnerability. For BIG-IQ Centralized Management, upgrading to version 8.4.1 is recommended. Consult the F5 BIG-IP hotfix and point release matrix for more details.
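The affected ranges and fixed releases above, turned into an inventory check (an added example, not F5 code). It assumes plain dotted version strings, treats point releases of a listed version that fall below the fixed release as affected, and treats later releases on the same major.minor branch as fixed; the host names are constructed.

```python
# Added example: triage version strings against the ranges in this advisory.
# Each entry: (first affected, last affected, fixed release or None when
# the page lists no fixed release for that branch).
ADVISORY = {
    "BIG-IP": [
        ("17.5.0", "17.5.1", "17.5.1.4"),
        ("17.1.0", "17.1.3", "17.1.3.1"),
        ("16.1.0", "16.1.6", None),
    ],
    "BIG-IQ": [("8.4.0", "8.4.0", "8.4.1")],
}

def parse(version, width=4):
    """'17.5.1.3' -> (17, 5, 1, 3); shorter versions are zero-padded."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (width - len(parts))

def triage(product, version):
    """Return (status, fixed_release) for one product/version pair."""
    v = parse(version)
    for first, last, fixed in ADVISORY.get(product, []):
        # Assumption: later releases on the same branch carry the fix.
        if fixed and v[:2] == parse(fixed)[:2] and v >= parse(fixed):
            return ("fixed", None)
        # Point releases of the last affected version (e.g. 17.5.1.3)
        # still count as affected: compare only major.minor.maintenance.
        if parse(first) <= v and v[:3] <= parse(last)[:3]:
            return ("affected", fixed)
    return ("not-listed", None)

def needs_action(inventory):
    """Map host -> upgrade target (or None) for every affected row."""
    result = {}
    for host, product, version in inventory:
        status, target = triage(product, version)
        if status == "affected":
            result[host] = target
    return result

# Constructed sample inventory.
SAMPLE = [
    ("ltm-a", "BIG-IP", "17.5.1.3"),
    ("ltm-b", "BIG-IP", "17.1.3.1"),
    ("ltm-c", "BIG-IP", "16.1.4"),
    ("biq-a", "BIG-IQ", "8.4.0"),
]

if __name__ == "__main__":
    for host, target in needs_action(SAMPLE).items():
        print(host, "->", target or "no fixed release listed on this page")
```
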

Added: May 13, 2026, 6:03 PM
Updated: May 13, 2026, 6:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.