CVE-2026-20916
F5 · BIG-IQ
A path traversal vulnerability in the F5 BIG-IQ iControl REST interface allows authenticated low-privilege users to create or modify arbitrary files.
Executive summary
An authenticated path traversal vulnerability in F5 BIG-IQ allows low-privileged users to perform unauthorized file operations, risking system configuration integrity.
Vulnerability
This is a Path Traversal vulnerability (CWE-22) residing in the iControl REST endpoint. It requires the attacker to be an authenticated user with low privileges, limiting the scope to internal threats or compromised accounts.
Business impact
The CVSS score of 8.1 reflects a high risk of impact to system availability and integrity. By modifying or creating arbitrary files, an attacker could potentially escalate privileges, alter system configurations, or impact the operational stability of the BIG-IQ management platform.
Remediation
Immediate Action: Update F5 BIG-IQ to version 8.4.1 or the latest available patched version provided by the vendor.
Proactive Monitoring: Audit iControl REST API logs for suspicious path traversal patterns (e.g., sequences involving "../") and monitor for unauthorized file modification events on the appliance.
Compensating Controls: Restrict access to the iControl REST API to only essential administrative accounts and utilize a WAF or API gateway to filter for malicious path manipulation sequences.
Exploitation status
Public Exploit Available: No (exploit_available: false).
Analyst recommendation
Although the vulnerability requires authentication, the potential for file system manipulation is severe. Administrators should ensure the update to version 8.4.1 is applied during the next maintenance window to prevent unauthorized privilege escalation or system tampering.