CVE Catalog

CVE-2026-42058

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile - higher than 8% of all known CVEs

Summary

An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.

Risk Assessment

The leak of user account names may allow attackers to conduct further attacks on the system, increasing the risk of unauthorized access.

Recommendation

It is recommended to monitor and restrict access to the iControl REST interface and to update the software to supported versions.

Original NVD description (English source)

An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS