Description
An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. 


Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Published: 2026-05-13
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper sanitization vulnerability in the BIG‑IP QKView utility permits a low‑privileged attacker to read sensitive information stored in a QKView file. The flaw falls under CWE‑532, meaning that confidential data can be exported via inadequate input validation and logging oversight.

Affected Systems

The vulnerability affects F5’s BIG‑IP and BIG‑IQ platforms; no specific version range is supplied, so any deployment of these products that is still under support could be impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity vulnerability. Although EPSS data is not available, the lack of KEV listing suggests that widespread exploitation has not yet been observed. The attack vector is most plausibly local, requiring the attacker to have low‑privileged access to the system already. Once a QKView file is accessed, an attacker can exfiltrate the contained sensitive data.

Generated by OpenCVE AI on May 13, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the F5 vendor site for official security bulletins and apply any available patches for BIG‑IP and BIG‑IQ
  • If no patch is immediately available, restrict file system permissions on QKView files to administrative accounts only and monitor for unauthorized read attempts
  • Disable the QKView service or remove the utility if it is not required for operations to eliminate the attack surface

Generated by OpenCVE AI on May 13, 2026 at 16:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 big-ip
F5 big-iq
Vendors & Products F5
F5 big-ip
F5 big-iq
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Title BIG-IP QKView vulnerability
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

F5 Big-ip Big-iq
cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T17:03:02.422Z

Reserved: 2026-04-30T23:02:33.922Z

Link: CVE-2026-41219

cve-icon Vulnrichment

Updated: 2026-05-13T16:16:57.346Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:44.620

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-41219

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T17:00:14Z

Weaknesses