CVE-2026-20732 - Vulnerability Details

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00055.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

BIG-IP

unknown

Version	Status	Constraints
`21.0.0`	unaffected	< *
`17.5.0`	affected	< 17.5.1.4
`17.1.0`	affected	< 17.1.3.1
`16.1.0`	affected	< *

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_visibility_and_reporting::::::::
	cpe:2.3:a:f5:big-ip_automation_toolchain::::::::
	cpe:2.3:a:f5:big-ip_carrier-grade_nat::::::::
	cpe:2.3:a:f5:big-ip_container_ingress_services::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_ssl_orchestrator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_websafe::::::::

Configuration 2 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_visibility_and_reporting::::::::
	cpe:2.3:a:f5:big-ip_application_visibility_and_reporting::::::::
	cpe:2.3:a:f5:big-ip_automation_toolchain::::::::
	cpe:2.3:a:f5:big-ip_automation_toolchain::::::::
	cpe:2.3:a:f5:big-ip_carrier-grade_nat::::::::
	cpe:2.3:a:f5:big-ip_carrier-grade_nat::::::::
	cpe:2.3:a:f5:big-ip_container_ingress_services::::::::
	cpe:2.3:a:f5:big-ip_container_ingress_services::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_ssl_orchestrator::::::::
	cpe:2.3:a:f5:big-ip_ssl_orchestrator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_websafe::::::::
	cpe:2.3:a:f5:big-ip_websafe::::::::

No data.

Vendor	Product	Confidence	Versions
F5	Big-ip	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Subscriptions

Vendors	Products
F5 Subscribe	Big-ip Subscribe Big-ip Access Policy Manager Subscribe Big-ip Advanced Firewall Manager Subscribe Big-ip Advanced Web Application Firewall Subscribe Big-ip Analytics Subscribe Big-ip Application Acceleration Manager Subscribe Big-ip Application Security Manager Subscribe Big-ip Application Visibility And Reporting Subscribe Big-ip Automation Toolchain Subscribe Big-ip Carrier-grade Nat Subscribe Big-ip Container Ingress Services Subscribe Big-ip Ddos Hybrid Defender Subscribe Big-ip Domain Name System Subscribe Big-ip Edge Gateway Subscribe Big-ip Fraud Protection Service Subscribe Big-ip Global Traffic Manager Subscribe Big-ip Link Controller Subscribe Big-ip Local Traffic Manager Subscribe Big-ip Policy Enforcement Manager Subscribe Big-ip Ssl Orchestrator Subscribe Big-ip Webaccelerator Subscribe Big-ip Websafe Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://my.f5.com/manage/s/article/K000156644

History

Fri, 13 Feb 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Advanced Web Application Firewall F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Application Visibility And Reporting F5 big-ip Automation Toolchain F5 big-ip Carrier-grade Nat F5 big-ip Container Ingress Services F5 big-ip Ddos Hybrid Defender F5 big-ip Domain Name System F5 big-ip Edge Gateway F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Policy Enforcement Manager F5 big-ip Ssl Orchestrator F5 big-ip Webaccelerator F5 big-ip Websafe
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:::::::: cpe:2.3:a:f5:big-ip_analytics:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:::::::: cpe:2.3:a:f5:big-ip_automation_toolchain:::::::: cpe:2.3:a:f5:big-ip_carrier-grade_nat:::::::: cpe:2.3:a:f5:big-ip_container_ingress_services:::::::: cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_edge_gateway:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_ssl_orchestrator:::::::: cpe:2.3:a:f5:big-ip_webaccelerator:::::::: cpe:2.3:a:f5:big-ip_websafe::::::::
Vendors & Products		F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Advanced Web Application Firewall F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Application Visibility And Reporting F5 big-ip Automation Toolchain F5 big-ip Carrier-grade Nat F5 big-ip Container Ingress Services F5 big-ip Ddos Hybrid Defender F5 big-ip Domain Name System F5 big-ip Edge Gateway F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Policy Enforcement Manager F5 big-ip Ssl Orchestrator F5 big-ip Webaccelerator F5 big-ip Websafe

Wed, 04 Feb 2026 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		F5 F5 big-ip
Vendors & Products		F5 F5 big-ip

Wed, 04 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title		BIG-IP Configuration utility vulnerability
Weaknesses		CWE-451
References		https://my.f5.com/manage/s/article/K000156644
Metrics		cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2026-02-04T15:02:05.281Z

Updated: 2026-02-04T16:08:05.470Z

Reserved: 2026-01-21T21:33:16.381Z

Link: CVE-2026-20732

Vulnrichment

Updated: 2026-02-04T16:07:56.927Z

NVD

Status : Analyzed

Published: 2026-02-04T15:16:14.740

Modified: 2026-02-13T21:44:33.627

Link: CVE-2026-20732

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-02-04T21:17:56Z

Weaknesses

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object