F5 BIG-IP and BIG-IQ Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing sensitive information disclosure exists in an undisclosed iControl REST endpoint and TMOS Shell (tmsh) command. This issue may enable an authenticated attacker with resource administrator role privileges to view sensitive information. The vulnerability is present in specific versions of F5 BIG-IP and BIG-IQ software that have not reached End of Technical Support (EoTS).

Impact

Exploitation of this vulnerability could allow an authenticated attacker with resource administrator role privileges to access sensitive information. This issue affects the control plane only, with no data plane exposure.

Remediation

Users can upgrade to a version that addresses this vulnerability. For BIG-IP, versions 17.5.1.4 and 17.1.3.1 are available. BIG-IQ users can upgrade to version 8.4.1. For more information about managing F5 product hotfixes, refer to the F5 BIG-IQ hotfix and point release matrix.

Added: May 13, 2026, 6:01 PM
Updated: May 13, 2026, 6:01 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 3.8
remediation: 8.3
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.