Description
A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in a BIG‑IP TMOS Shell (tmsh) command allows an authenticated attacker who holds a resource administrator or administrator role to run arbitrary system commands with higher privileges. The vulnerability is a missing authorization issue (CWE‑732). If successfully exploited in appliance mode deployments, the attacker can cross a security boundary, potentially gaining full control of the device and its traffic handling capabilities.

Affected Systems

The affected product is F5 Networks BIG‑IP. No specific version information is provided in the CVE. Software versions that have reached End of Technical Support have not been evaluated and therefore are not considered affected in this assessment.

Risk and Exploitability

The CVSS score is 8.3, indicating high severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. The attack requires authenticated access as a resource administrator or administrator; no public exploit code has been disclosed. Once the vulnerability is exploited, the attacker can execute arbitrary system commands with elevated privileges, causing confidentiality, integrity, and availability impacts on the BIG‑IP appliance and potentially on the networks it protects.

Generated by OpenCVE AI on May 13, 2026 at 16:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest F5 BIG‑IP firmware update that addresses the tmsh command issue
  • Restrict privileged roles to only users who require them, removing unnecessary resource administrator or administrator permissions
  • Isolate the BIG‑IP appliance with network segmentation to limit the impact of a compromise
  • Enable detailed logging and monitoring of tmsh command usage and investigate any suspicious activity

Generated by OpenCVE AI on May 13, 2026 at 16:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 big-ip
Vendors & Products F5
F5 big-ip

Wed, 13 May 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title BIG-IP tmsh vulnerability
Weaknesses CWE-732
References
Metrics cvssV3_1

{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

F5 Big-ip
cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:10:27.929Z

Reserved: 2026-04-30T23:04:19.998Z

Link: CVE-2026-41217

cve-icon Vulnrichment

Updated: 2026-05-13T16:10:23.288Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:44.340

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-41217

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T17:30:06Z

Weaknesses