Description
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an authenticated remote command injection (CWE‑78) in an undisclosed iControl REST endpoint of F5 BIG‑IP running in Appliance mode. An attacker holding high‑privileged credentials (both CVSS vectors record PR:H) can execute operating‑system commands and thereby cross the security boundary that Appliance mode is meant to enforce, which otherwise keeps even administrative users away from the underlying shell. The vectors record high confidentiality and integrity impact with no availability impact, and the CVSS 3.1 vector marks a scope change (S:C), consistent with escaping the Appliance mode restrictions onto the host operating system and the data it holds.

Affected Systems

The affected product is F5 BIG‑IP running in Appliance mode. No affected‑version information is reproduced on this page, so unaffected releases cannot be identified from the data provided; per the vendor note, releases that have reached End of Technical Support were not evaluated.

Risk and Exploitability

The CVSS 4.0 base score of 8.5 (CVSS 3.1: 8.7) indicates high severity. EPSS is below 1% and the CVE is not in CISA's KEV catalog; the SSVC assessment records Exploitation: none and Automatable: no, so there is no indication of exploitation at the time of publication. The vector is network‑reachable (AV:N) with low attack complexity, but requires high privileges (PR:H), meaning an already‑privileged iControl REST account rather than merely any authenticated user. The practical risk therefore concentrates in compromised or misused administrative credentials and in management interfaces reachable from untrusted networks. The weakness is catalogued as CWE‑78 (OS command injection), indicating that input reaching a system command is not adequately validated. Because the outcome is arbitrary command execution outside the Appliance mode boundary, the vendor fix should be applied as a priority.

Generated by OpenCVE AI on May 13, 2026 at 16:44 UTC.
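The analysis above rests on CWE‑78, so here is an added, generic illustration of that pattern beside its hardened form. This is code written for this page, not F5's code, and it says nothing about which BIG‑IP endpoint is affected (that remains undisclosed); the hostname parameter, the allow‑list regex and the `echo` command are assumptions chosen so the example runs offline on any POSIX host.

```python
# Added illustration of CWE-78 (OS command injection) and two fixes.
# Not F5 code; the "hostname" parameter and the use of `echo` are assumptions.
import re
import subprocess

# Assumption: the request parameter is meant to be a hostname. Allow-list of
# RFC 1123 labels; anything else is rejected rather than "sanitised".
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_handler(name: str) -> str:
    """Vulnerable: the parameter is spliced into a shell command line, so
    metacharacters (; | & $( ) `) are interpreted by /bin/sh."""
    cmd = f"echo resolving {name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_only_handler(name: str) -> str:
    """Partial fix: no shell. The value is one argv element, so the payload is
    echoed literally instead of executed. Still accepts arbitrary junk."""
    return subprocess.run(["echo", "resolving", name],
                          capture_output=True, text=True, check=True).stdout


def hardened_handler(name: str) -> str:
    """Hardened: allow-list validation first, then no shell."""
    if not HOSTNAME_RE.match(name):
        raise ValueError("invalid hostname")
    return argv_only_handler(name)


def hardened_result(name: str):
    """Comparison helper: the echoed line, or None when validation rejected."""
    try:
        return hardened_handler(name)
    except ValueError:
        return None


def was_injected(output: str) -> bool:
    """True when the shell ran a second command, i.e. an output line that is
    not the expected 'resolving ...' line."""
    return any(not line.startswith("resolving ") for line in output.splitlines())


if __name__ == "__main__":
    payload = "x; echo INJECTED"  # constructed attacker input
    for fn in (vulnerable_handler, argv_only_handler):
        out = fn(payload)
        print(f"{fn.__name__}: injected={was_injected(out)} output={out!r}")
    print("hardened:", hardened_result(payload), hardened_result("lb1.example.com").strip())
```

The argv form alone stops the shell from interpreting the value, which is the fix CWE‑78 calls for; the allow‑list is the second layer that keeps malformed input from reaching the command at all. If a shell is unavoidable, `shlex.quote` on the value is the minimum, but passing an argument vector is the safer default.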

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the fix from F5's security advisory for this CVE, upgrading BIG‑IP to a release F5 lists as fixed; the remediation table above shows no fix or workaround recorded yet, so track the advisory.
  • Limit exposure of iControl REST: restrict the management HTTPS service and self IP port lockdown so only trusted management networks can reach it, and never expose it to the internet.
  • Apply network segmentation and least privilege: since exploitation requires a high‑privilege account, keep iControl REST accounts to the minimum role needed, and ensure a compromised BIG‑IP in Appliance mode cannot be used to reach other critical infrastructure.

Generated by OpenCVE AI on May 13, 2026 at 16:44 UTC.
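As an added example of the second recommendation, the script below validates a proposed set of trusted management networks and emits the tmsh commands that restrict the BIG‑IP management HTTPS service (which fronts both the Configuration utility and iControl REST) to exactly that set. The script is written for this page and is not F5 tooling; the tmsh syntax `modify /sys httpd allow replace-all-with { ... }` and `save /sys config` is F5's, while the prefix‑length thresholds and the sample networks are assumptions.

```python
# Added example: vet a management allow-list and render it as tmsh commands.
# Not F5 tooling. tmsh syntax per F5 docs; thresholds below are assumptions.
import ipaddress


class AllowListError(ValueError):
    """Raised when a proposed allow-list would not actually restrict access."""


def build_httpd_allow(networks, min_prefix_v4=16, min_prefix_v6=48):
    """Validate trusted management networks and return the tmsh commands that
    replace the current httpd allow-list with exactly that set."""
    if not networks:
        raise AllowListError("empty allow-list would lock everyone out; refusing")
    parsed = set()
    for item in networks:
        token = item.strip()
        if token.lower() in ("all", "any", "*"):
            raise AllowListError(f"{token!r} disables the restriction entirely")
        try:
            net = ipaddress.ip_network(token, strict=True)  # reject host bits set
        except ValueError as exc:
            raise AllowListError(f"{token!r}: {exc}") from None
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < floor:
            raise AllowListError(f"{net} is broader than /{floor}; too permissive")
        parsed.add(net)
    ordered = sorted(parsed, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    # tmsh takes bare addresses for single hosts and CIDR notation for ranges.
    tokens = [str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
              for n in ordered]
    return [
        f"modify /sys httpd allow replace-all-with {{ {' '.join(tokens)} }}",
        "save /sys config",
    ]


def allow_list_rejected(networks) -> bool:
    """True when build_httpd_allow refuses the proposed list."""
    try:
        build_httpd_allow(networks)
    except AllowListError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: a jump-host and a management VLAN (assumed values).
    for cmd in build_httpd_allow(["192.0.2.7", "10.10.0.0/24"]):
        print(cmd)
    for bad in (["all"], ["0.0.0.0/0"], ["10.0.0.1/24"], []):
        print(f"{bad!r} rejected: {allow_list_rejected(bad)}")
```

Run the printed commands in tmsh from a session on a trusted network, since an allow‑list that omits your own source address cuts off the session that applied it. For self IPs, the complementary control is port lockdown (`allow-service none` or `allow-service default`), which keeps the management service off data‑plane addresses.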

Advisories

No advisories yet.

History

Wed, 13 May 2026 21:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   F5, F5 big-ip
Vendors & Products                    F5, F5 big-ip

Wed, 13 May 2026 17:15:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 May 2026 15:15:00 +0000

Type          Values Removed   Values Added
Description                    When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title                          Knowledge Appliance mode iControl REST vulnerability
Weaknesses                     CWE-78
References
Metrics                        cvssV3_1: {'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N'}
                               cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-14T03:56:19.828Z

Reserved: 2026-04-30T23:04:19.989Z

Link: CVE-2026-34176

Vulnrichment

Updated: 2026-05-13T16:10:36.586Z

NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:39.813

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-34176

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T21:15:04Z

Weaknesses