CVE-2026-32643

F5 · BIG-IP and BIG-IQ

A vulnerability in F5 BIG-IP and BIG-IQ systems allows authenticated users with Certificate Manager roles to modify configuration objects to execute arbitrary system commands.

Executive summary

A high-severity privilege escalation vulnerability in F5 BIG-IP and BIG-IQ allows authenticated attackers to execute arbitrary commands via modified configuration objects.

Vulnerability

This vulnerability (CWE-250) permits an authenticated attacker with at least the Certificate Manager role to manipulate configuration objects. This manipulation results in the execution of arbitrary commands with elevated system privileges.

Business impact

The ability to execute arbitrary commands on critical network infrastructure appliances like BIG-IP and BIG-IQ poses a severe risk to organizational security. With a CVSS score of 8.7, this flaw could allow an attacker to bypass security controls, disrupt network traffic, or maintain persistent access to the internal network.

Remediation

Immediate Action: Apply the relevant security updates provided by F5 for both BIG-IP and BIG-IQ platforms.

Proactive Monitoring: Monitor configuration change logs for any suspicious modifications to certificate-related objects or unexpected command execution.

Compensating Controls: Implement strict role-based access control (RBAC) to ensure that only essential personnel possess the Certificate Manager role and audit existing permissions.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Security teams must treat this vulnerability as a high priority. Ensure that all affected BIG-IP and BIG-IQ systems are updated to the vendor-specified versions to prevent the misuse of administrative roles for arbitrary command execution.