CVE-2026-41959
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
Vulnerabilities related to incorrect permission assignment exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems.
Risk Assessment
The organization may be exposed to the disclosure of network status information, potentially leading to further attacks or security breaches.
Recommendation
It is recommended to update the software to the latest version that has not reached End of Technical Support to minimize the risk associated with these vulnerabilities.
Original NVD description (English source)
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

