CVE-2026-41953

F5 · BIG-IP

A command injection vulnerability in F5 BIG-IP allows highly privileged authenticated attackers (Resource Administrator role) to escalate privileges via configuration modifications.

Executive summary

A privilege escalation vulnerability in F5 BIG-IP allows attackers with Resource Administrator privileges to execute arbitrary commands, resulting in total system control.

Vulnerability

This is a command injection (CWE-77) vulnerability occurring when a user with the Resource Administrator role modifies configuration objects. It requires high-privileged authentication (PR:H).

Business impact

While this vulnerability requires high-privileged access, the impact is total (CVSS 8.7). If a malicious actor compromises a high-privileged account, they can escalate their control over the BIG-IP system, effectively bypassing intended security constraints and gaining full authority over the appliance.

Remediation

Immediate Action: Update BIG-IP systems to the patched versions specified in F5 advisory K000160975.

Proactive Monitoring: Audit all changes to configuration objects and monitor command-line activity for administrative users.

Compensating Controls: Implement the principle of least privilege by strictly controlling who is assigned the Resource Administrator role and utilizing centralized logging for all configuration changes.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Administrators should ensure all BIG-IP instances are updated to the versions listed in the vendor advisory. Additionally, review current administrative permissions to ensure that only necessary personnel hold the Resource Administrator role to minimize the attack surface.