CVE-2026-41957
F5 · BIG-IP and BIG-IQ
An authenticated remote code execution vulnerability exists in F5 BIG-IP and BIG-IQ Configuration utility due to insecure deserialization of untrusted data.
Executive summary
An authenticated remote code execution vulnerability in F5 BIG-IP and BIG-IQ products allows attackers with low privileges to achieve total system compromise.
Vulnerability
This is an insecure deserialization vulnerability (CWE-502) in the Configuration utility. It requires low-privileged authenticated access (PR:L) to trigger remote code execution.
Business impact
The ability to execute arbitrary code on critical infrastructure appliances like BIG-IP and BIG-IQ poses a severe risk to organizational security. With a CVSS score of 8.8, this vulnerability allows for total compromise of the appliance, potentially enabling lateral movement, traffic interception, or full service disruption.
Remediation
Immediate Action: Apply the vendor-supplied security patches for the affected BIG-IP and BIG-IQ versions identified in F5 advisory K000156761.
Proactive Monitoring: Review administrative session logs for anomalous activity or unexpected configuration changes initiated by low-privileged accounts.
Compensating Controls: Restrict access to the Configuration utility to known administrative networks and use multi-factor authentication to harden account security.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Organizations utilizing F5 BIG-IP or BIG-IQ must prioritize the application of the latest security patches provided by F5. Given the critical nature of these devices, patching should be performed during the next maintenance window or immediately if the management interface is exposed to non-trusted segments.