Information disclosure in F5 Big-ip
CVE-2026-41954
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive informati…
Vulnerability class: Information Disclosure
EPSS: 0.001 (21.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.
Affected products
Weakness classification (CWE)
References
- f5sirt@f5.com (vendor-advisory, patch)
Frequently asked questions
- What is CVE-2026-41954?
- CVE-2026-41954 is a medium-severity vulnerability in F5 Big-ip, classified under Information Disclosure. CVSS score: 4.9/10. Published 2026-05-13.
- How severe is CVE-2026-41954?
- Medium severity. CVSS v3 base score is 4.9 out of 10.