CVE Catalog
CVE-2026-42058
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.19%
8th percentile - higher than 8% of all known CVEs
Summary
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.
Risk Assessment
The leak of user account names may allow attackers to conduct further attacks on the system, increasing the risk of unauthorized access.
Recommendation
It is recommended to monitor and restrict access to the iControl REST interface and to update the software to supported versions.
Original NVD description (English source)
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

