Description
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when a BIG-IP system runs in Appliance mode. An authenticated attacker who holds the Administrator role can bypass the Appliance mode restrictions imposed on the system. The flaw is classified as CWE-35, indicating an insecure direct object reference, and its CVSS score of 8.5 denotes high severity. The potential consequence is that the attacker gains full administrative control over the BIG-IP appliance, compromising the confidentiality, integrity, and availability of the network services the device manages.

Affected Systems

The affected product is F5 BIG-IP configured to run in Appliance mode. Software versions that have reached End of Technical Support are not evaluated. No specific version numbers are listed, so any supported BIG-IP release operating in Appliance mode is potentially vulnerable.

Risk and Exploitability

Given the high CVSS score, this flaw is considered high risk. The EPSS score is not available, so the current likelihood of exploitation cannot be quantified; the vulnerability is not listed in the CISA KEV catalog, which suggests that widespread exploitation has not yet been reported. The attack vector follows from the description: this is an authenticated privilege escalation that relies on the attacker already holding Administrator credentials. An attacker with such credentials could subvert Appliance mode and perform unrestricted administrative operations.

Generated by OpenCVE AI on May 13, 2026 at 17:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade BIG-IP to the latest version that includes the vendor's fix for this issue.
  • Review all accounts holding the Administrator role and reduce them to a least-privilege authorization model wherever possible.
  • Disable Appliance mode if your deployment does not require it, or otherwise restrict its use to isolated environments.
  • Log and monitor configuration changes so that unauthorized activity on the appliance can be detected.


Advisories

No advisories yet.

History

Wed, 13 May 2026 17:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                F5; F5 big-ip
Vendors & Products   -                F5; F5 big-ip

Wed, 13 May 2026 17:15:00 +0000

Type                 Values Removed   Values Added
Metrics              -                ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 May 2026 15:15:00 +0000

Type                 Values Removed   Values Added
Description          -                When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title                -                Appliance mode iControl REST vulnerability
Weaknesses           -                CWE-35
References           -                
Metrics              -                cvssV3_1: {'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N'}
                                      cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-14T03:56:17.520Z

Reserved: 2026-04-30T23:04:27.939Z

Link: CVE-2026-42930

Vulnrichment

Updated: 2026-05-13T16:07:59.605Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:49.777

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-42930

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T17:15:26Z

Weaknesses