Description
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in BIG‑IP scripted monitors allows an authenticated attacker who holds the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, successful exploitation can cross a security boundary, allowing the attacker to affect parts of the system that would normally be protected.

Affected Systems

The affected product is F5 BIG‑IP. No specific version information is provided in the advisory. Software that has reached End of Technical Support is not evaluated.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity risk. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires valid authentication with one of the privileged roles and is therefore limited to users who have been granted access to the BIG‑IP management interface. Once authenticated, the attacker can execute commands that may compromise the host operating system and potentially breach internal security controls.

Generated by OpenCVE AI on May 13, 2026 at 16:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest F5 BIG‑IP patch or firmware release that addresses the scripted monitor flaw.
  • Restrict the Resource Administrator and Administrator roles so that only trusted users can edit or deploy scripted monitors, or remove those roles entirely if possible.
  • Disable scripted monitors in appliance mode or replace them with standard, non‑scripted monitoring mechanisms.

Advisories

No advisories yet.

History

Wed, 13 May 2026 17:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | F5; F5 big-ip |
| Vendors & Products | | F5; F5 big-ip |

Wed, 13 May 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 13 May 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| Title | | BIG-IP scripted monitor vulnerability |
| Weaknesses | | CWE-250 |
| References | | |
| Metrics | | cvssV3_1 {'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N'} |
| | | cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-14T03:56:08.298Z

Reserved: 2026-04-30T23:04:20.003Z

Link: CVE-2026-32673

Vulnrichment

Updated: 2026-05-13T16:10:08.769Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:39.380

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-32673

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T16:45:44Z

Weaknesses