CVE-2026-20916

F5 · BIG-IQ

A path traversal vulnerability in the F5 BIG-IQ iControl REST interface allows authenticated low-privilege users to create or modify arbitrary files.

Executive summary

An authenticated path traversal vulnerability in F5 BIG-IQ allows low-privileged users to perform unauthorized file operations, risking system configuration integrity.

Vulnerability

This is a Path Traversal vulnerability (CWE-22) residing in the iControl REST endpoint. It requires the attacker to be an authenticated user with low privileges, limiting the scope to internal threats or compromised accounts.

Business impact

The CVSS score of 8.1 reflects a high risk of impact to system availability and integrity. By modifying or creating arbitrary files, an attacker could potentially escalate privileges, alter system configurations, or impact the operational stability of the BIG-IQ management platform.

Remediation

Immediate Action: Update F5 BIG-IQ to version 8.4.1 or the latest available patched version provided by the vendor.

Proactive Monitoring: Audit iControl REST API logs for suspicious path traversal patterns (e.g., sequences involving "../") and monitor for unauthorized file modification events on the appliance.

Compensating Controls: Restrict access to the iControl REST API to only essential administrative accounts and utilize a WAF or API gateway to filter for malicious path manipulation sequences.

Exploitation status

Public Exploit Available: No (exploit_available: false).

Analyst recommendation

Although the vulnerability requires authentication, the potential for file system manipulation is severe. Administrators should ensure the update to version 8.4.1 is applied during the next maintenance window to prevent unauthorized privilege escalation or system tampering.