CVE-2026-40698 - Vulnerability Analysis
Severity: High | CVSS: 8.7 | Last Updated: May 13, 2026
F5 BIG-IP & BIG-IQ - Privilege Escalation
Overview
F5 BIG-IP and BIG-IQ contain a privilege escalation vulnerability. A highly privileged, authenticated attacker with the Resource Administrator role can create SNMP configuration objects via iControl REST or the TMOS shell (tmsh) and use them to escalate privileges. Exploitation requires the Resource Administrator role.
Severity & Score
Impact
Attackers with Resource Administrator role can escalate their privileges, potentially gaining full administrative control.
Mitigation
Update to the latest supported version.
Social Media Activity (2 posts)
CVE-2026-40698 - High (8.7) A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in p... https://www.thehackerwire.com/vulnerability/CVE-2026-40698/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-40698
- Severity: High
- CVSS Score: 8.7
- Type: broken_access_control
- Status: unconfirmed
- EPSS: 5.3%
- Social Posts: 2
CWE
- CWE-77
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N