CVE-2026-32673

F5 · BIG-IP

A vulnerability in F5 BIG-IP scripted monitors allows authenticated users with administrative privileges to execute arbitrary system commands with elevated permissions.

Executive summary

An authenticated privilege escalation vulnerability in F5 BIG-IP scripted monitors poses a significant risk of unauthorized system command execution.

Vulnerability

The flaw relates to improper privilege management (CWE-250) within BIG-IP scripted monitors. An attacker who has already gained authenticated access as a Resource Administrator or Administrator can leverage this flaw to execute arbitrary commands with higher system privileges.

Business impact

Successful exploitation allows an already-privileged user to gain full control over the underlying operating system of the BIG-IP device. Given the CVSS score of 8.7, this represents a high-severity risk to infrastructure integrity, as it facilitates lateral movement, data exfiltration, or complete system compromise.

Remediation

Immediate Action: Upgrade to version 21.1.0 or later as recommended by the vendor.

Proactive Monitoring: Review administrative audit logs for unusual command execution patterns or unauthorized modifications to monitor scripts.

Compensating Controls: Restrict administrative access to the BIG-IP management interface to known, trusted management subnets and enforce multi-factor authentication (MFA).

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

The severity of this vulnerability necessitates immediate patching. Organizations should prioritize updating their F5 BIG-IP appliances to the fixed versions provided by the vendor to prevent privileged users from escalating their access to full system control.