CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary.
When ePVA (embedded Packet Velocity Acceleration) is configured, undisclosed local ethernet traffic can lead to increased resource utilization of ePVA and Traffic Management Microkernel (TMM).
A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.
A vulnerability exists in an undisclosed TMOS Shell (tmsh) command in BIG-IP DNS that may allow a highly privileged authenticated attacker to view sensitive information.
A vulnerability exists in iControl SOAP that allows an authenticated attacker with the Resource Administrator or Administrator role to download sensitive files.
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.
Vulnerabilities related to incorrect permission assignment exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems.
CVE-2026-41954 describes a sensitive information disclosure vulnerability in an undisclosed iControl REST endpoint and TMOS Shell (tmsh) command. This allows an authenticated attacker with resource administrator role privileges to view sensitive information.
An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file.
A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. This affects software versions that have not reached End of Technical Support (EoTS).
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module when the ssl_verify_client directive is set to 'on' or 'optional,' and the ssl_ocsp directive is set to 'on' or the leaf parameters are configured with a resolver. In this configuration, an unauthenticated attacker can send requests that may cause a heap-use-after-free error in the NGINX worker process.
A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access undisclosed sensitive information.
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command, allowing an authenticated attacker to view sensitive information.
In NGINX Plus and NGINX Open Source with the HTTP/3 QUIC module enabled, an attacker can spoof their source IP address, bypassing authorization or rate limiting.
A vulnerability in the httpd server causes IP-based access restrictions to not cover all endpoints when configured. This may allow connections from addresses that should be blocked.
The U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 has an Incorrect Access Control vulnerability. The device exposes a UART interface without authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect and gain unrestricted access to device functionality.
An authenticated iControl SOAP user may be able to obtain information of other accounts. The vulnerability affects software versions that have not reached End of Technical Support.
A vulnerability in BFD (Bidirectional Forwarding Detection) configured in static and dynamic routing protocols causes undisclosed traffic to stop BFD packet processing by the Traffic Management Microkernel (TMM). This leads to a failover of the configured routing protocol.
A path injection vulnerability exists in OpenPLC v3 (commit 2c82b0e79c53f8c1f1458eee15fec173400d6e1a). The binary compiled from glue_generator.cpp does not validate file path parameters from the command line, allowing an attacker to read arbitrary files.
When BIG-IP DNS is provisioned, a vulnerability in the gtm_add and bigip_add iControl REST commands returns the ssh-password parameter in cleartext in the REST response and logs it in the audit log. This allows a highly privileged, authenticated attacker with audit log access to view sensitive information.

