CVE-2026-39459

CVE-2026-39459CVE-2026-39459

f5 / big-ip_access_policy_manager

Description

A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Scoring

CVSS 7.2 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Last modified2026-06-29
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.