Vulnerability-Lookup

CVE-2026-20732 (GCVE-0-2026-20732)

Vulnerability from cvelistv5 – Published: 2026-02-04 15:02 – Updated: 2026-02-04 16:08

Title

BIG-IP Configuration utility vulnerability

Summary

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

2.3 (Low)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

Assigner

References

URL

Tags

https://my.f5.com/manage/s/article/K000156644

vendor-advisory

Impacted products

	Vendor	Product	Version
	F5	BIG-IP	Unaffected: 21.0.0 , < * (custom) Affected: 17.5.0 , < 17.5.1.4 (custom) Affected: 17.1.0 , < 17.1.3.1 (custom) Affected: 16.1.0 , < * (custom)

Date Public ?

2026-02-04 15:00

Credits

F5 acknowledges Michał Majchrowicz, Marcin Wyczechowski, and Zbigniew Piotrak (members of the AFINE Team) for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T16:07:17.980958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T16:08:05.470Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "21.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.5.1.4",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3.1",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5 acknowledges Micha\u0142 Majchrowicz, Marcin Wyczechowski, and Zbigniew Piotrak (members of the AFINE Team) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-02-04T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-451",
              "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T15:02:05.281Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000156644"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BIG-IP Configuration utility vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-20732",
    "datePublished": "2026-02-04T15:02:05.281Z",
    "dateReserved": "2026-01-21T21:33:16.381Z",
    "dateUpdated": "2026-02-04T16:08:05.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-20732\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2026-02-04T15:16:14.740\",\"lastModified\":\"2026-02-13T21:44:33.627\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-451\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"004CBB88-E617-4A0A-BE42-E1E6BB52D736\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"920FA89D-E154-4936-B88E-8B60D5B39B40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"216A1ED3-D0CD-4A08-B9E8-A5B54942E831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"CA7B9727-7694-4D1B-8B48-175196544050\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"5481F477-166F-4321-80A0-539095C6B829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"5462B02C-4414-4B14-A671-D8993BD9511D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"4A6B33EA-BD41-45A1-801F-BF2439E4F501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"972BEB00-AAC3-42F7-BB45-881E1A3D1131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"226B7285-7977-4BBC-947E-E9541E1AAB89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"8B49FF41-861D-488F-94DC-DAE222A9BE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"4962EDD5-384F-4ABC-8696-8C4AACEE19BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"5728B748-0795-4056-91E8-B3A0DB3A3081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"C453B7CE-FBA6-46E7-975D-61D7A18773F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"25701935-02F5-4BD8-95F0-6693C6606558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"AC71E265-C7B7-4A78-B73A-32B5FECE5D36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"8B029869-31AB-4FE2-846E-FC6F7133ADF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.6\",\"matchCriteriaId\":\"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"8AA506C6-269A-414F-8D9A-B14BB7557308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"572D9204-F862-4D58-81F5-025EBC63C47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"06C03575-5FDA-45B9-B294-9994C083DFEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"A31FB687-E5D0-4895-9144-A56F5DD62762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"B248CFD1-7095-4E6F-A72A-23AA9C1A4615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"1A1E893E-2524-48FF-84B4-3BF607D30B51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"9B2FBE19-2AE9-42E4-9F92-FA7436DB3ECE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"AF3ABBAB-A921-419F-A0F6-2E0A134A3F20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"8D03E914-1383-4950-BC80-811F3CDF2DF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"0CB6BCD4-9FCF-4D87-8F96-44197B2DA34D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"4FC4FD92-F496-46C7-A896-3C8F53F2D86A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"BDEC2620-4C8A-4BBF-9DC9-8FE4BDB79068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"8E29086A-10D0-4C7F-AA61-4507AED2B7BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"0756AA83-2271-475C-BE33-5DCDF49B6C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"72DBD6A8-D66E-413C-B0A8-03BB4A36EFF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"6E9FECC2-B252-4324-8BA6-889FE3B19E74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"342FB182-C969-4C10-B19A-B759DAD1A7DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"390FCDB9-FEBB-4D6F-B54B-BE2FC5E3A376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"8606D37A-CA80-4D7B-880C-ADD39D2FE540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"6C086154-AA26-4EEE-983A-3320B6F6F4F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"99B99D8B-A1CB-45B6-B9A2-E0414807A1B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"8AE0F043-6356-426E-AA39-ABAFF736ECE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"100CEE47-7F09-48AF-A3BD-734E6E987790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"3D89B768-239D-4102-A5EA-8723019A4845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"743BE992-18D6-4C09-81FA-9EB497373D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"117BA660-28EE-4C98-BE9F-23A321620B38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"985D71E2-BBD4-4779-AB50-399BC40186B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"2D9CA9C1-B6D9-490F-82ED-0ECBC09C6A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"22EE0EEB-C4B7-4C93-B65F-0219098B75D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"39D1486B-F0D4-4D4C-A11B-E3E1E6F30162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"2736B84F-D892-4602-8BE7-4329E36E3BB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0.\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"44BA40A5-F1F9-416A-AF7A-7624A2620B4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"C92E57FE-57F4-4FF5-A89C-FE4BDB804060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"83C8F4D3-FE1E-4BDC-AD32-BC570F325022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"A93E9509-2B18-49D1-9B78-CC49EACFA930\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"58006023-CFF1-41B3-9961-6D2728E45FE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"68C52EBC-167C-4D46-93E1-0302860D42CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"27838D60-7CB2-464A-85CD-9F2BF94DED28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"0CCD0DDB-D6EA-47D1-9E90-90D194B981E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"D83813AD-9401-43F1-9C9A-A52F3334C05F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3.1\",\"matchCriteriaId\":\"8229B10B-0902-4FAC-B31D-8DB9E0A3F348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.4\",\"matchCriteriaId\":\"95965E49-EC7F-4CBE-9E1C-B0A8E3057329\"}]}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000156644\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20732\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-04T16:07:17.980958Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-04T16:07:56.927Z\"}}], \"cna\": {\"title\": \"BIG-IP Configuration utility vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"F5 acknowledges Micha\\u0142 Majchrowicz, Marcin Wyczechowski, and Zbigniew Piotrak (members of the AFINE Team) for bringing this issue to our attention and following the highest standards of coordinated disclosure.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"All Modules\"], \"product\": \"BIG-IP\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"21.0.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"17.5.0\", \"lessThan\": \"17.5.1.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"17.1.0\", \"lessThan\": \"17.1.3.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"16.1.0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2026-02-04T15:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000156644\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.\\u00a0\\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-451\", \"description\": \"CWE-451: User Interface (UI) Misrepresentation of Critical Information\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2026-02-04T15:02:05.281Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-20732\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-04T16:08:05.470Z\", \"dateReserved\": \"2026-01-21T21:33:16.381Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2026-02-04T15:02:05.281Z\", \"assignerShortName\": \"f5\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-FC72-GWGQ-7P26

Vulnerability from github – Published: 2026-02-04 15:30 – Updated: 2026-02-14 00:32

Details

Severity ?

3.1 (Low)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

2.3 (Low)


                  
                    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-20732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-451"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-04T15:16:14Z",
    "severity": "LOW"
  },
  "details": "A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-fc72-gwgq-7p26",
  "modified": "2026-02-14T00:32:41Z",
  "published": "2026-02-04T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20732"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000156644"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2026-20732

Vulnerability from fkie_nvd - Published: 2026-02-04 15:16 - Updated: 2026-02-13 21:44

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

References

	URL	Tags
	f5sirt@f5.com	https://my.f5.com/manage/s/article/K000156644	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_access_policy_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_web_application_firewall	*
f5	big-ip_analytics	*
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_visibility_and_reporting	*
f5	big-ip_automation_toolchain	*
f5	big-ip_carrier-grade_nat	*
f5	big-ip_container_ingress_services	*
f5	big-ip_ddos_hybrid_defender	*
f5	big-ip_domain_name_system	*
f5	big-ip_edge_gateway	*
f5	big-ip_fraud_protection_service	*
f5	big-ip_global_traffic_manager	*
f5	big-ip_link_controller	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_policy_enforcement_manager	*
f5	big-ip_ssl_orchestrator	*
f5	big-ip_webaccelerator	*
f5	big-ip_websafe	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_web_application_firewall	*
f5	big-ip_advanced_web_application_firewall	*
f5	big-ip_analytics	*
f5	big-ip_analytics	*
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_visibility_and_reporting	*
f5	big-ip_application_visibility_and_reporting	*
f5	big-ip_automation_toolchain	*
f5	big-ip_automation_toolchain	*
f5	big-ip_carrier-grade_nat	*
f5	big-ip_carrier-grade_nat	*
f5	big-ip_container_ingress_services	*
f5	big-ip_container_ingress_services	*
f5	big-ip_ddos_hybrid_defender	*
f5	big-ip_ddos_hybrid_defender	*
f5	big-ip_domain_name_system	*
f5	big-ip_domain_name_system	*
f5	big-ip_edge_gateway	*
f5	big-ip_edge_gateway	*
f5	big-ip_fraud_protection_service	*
f5	big-ip_fraud_protection_service	*
f5	big-ip_global_traffic_manager	*
f5	big-ip_global_traffic_manager	*
f5	big-ip_link_controller	*
f5	big-ip_link_controller	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_policy_enforcement_manager	*
f5	big-ip_policy_enforcement_manager	*
f5	big-ip_ssl_orchestrator	*
f5	big-ip_ssl_orchestrator	*
f5	big-ip_webaccelerator	*
f5	big-ip_webaccelerator	*
f5	big-ip_websafe	*
f5	big-ip_websafe	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3A2286-B181-47DA-BCB3-A9D0E0B357AC",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "004CBB88-E617-4A0A-BE42-E1E6BB52D736",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "920FA89D-E154-4936-B88E-8B60D5B39B40",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94ADD021-8229-4CDE-AE73-33FB1BD4A3C5",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "216A1ED3-D0CD-4A08-B9E8-A5B54942E831",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA7B9727-7694-4D1B-8B48-175196544050",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5481F477-166F-4321-80A0-539095C6B829",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5462B02C-4414-4B14-A671-D8993BD9511D",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6B33EA-BD41-45A1-801F-BF2439E4F501",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "972BEB00-AAC3-42F7-BB45-881E1A3D1131",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "226B7285-7977-4BBC-947E-E9541E1AAB89",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49FF41-861D-488F-94DC-DAE222A9BE0D",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4962EDD5-384F-4ABC-8696-8C4AACEE19BD",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7A5976-AAA0-4FF1-ADAC-4547F24765FA",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5728B748-0795-4056-91E8-B3A0DB3A3081",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C453B7CE-FBA6-46E7-975D-61D7A18773F9",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC77DFC2-A3DC-46E6-9419-0ABA84CD275E",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25701935-02F5-4BD8-95F0-6693C6606558",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC71E265-C7B7-4A78-B73A-32B5FECE5D36",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B029869-31AB-4FE2-846E-FC6F7133ADF8",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9",
              "versionEndIncluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AA506C6-269A-414F-8D9A-B14BB7557308",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "572D9204-F862-4D58-81F5-025EBC63C47F",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C03575-5FDA-45B9-B294-9994C083DFEA",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31FB687-E5D0-4895-9144-A56F5DD62762",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B248CFD1-7095-4E6F-A72A-23AA9C1A4615",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1E893E-2524-48FF-84B4-3BF607D30B51",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2FBE19-2AE9-42E4-9F92-FA7436DB3ECE",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3ABBAB-A921-419F-A0F6-2E0A134A3F20",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D03E914-1383-4950-BC80-811F3CDF2DF2",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB6BCD4-9FCF-4D87-8F96-44197B2DA34D",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC4FD92-F496-46C7-A896-3C8F53F2D86A",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDEC2620-4C8A-4BBF-9DC9-8FE4BDB79068",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E29086A-10D0-4C7F-AA61-4507AED2B7BD",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0756AA83-2271-475C-BE33-5DCDF49B6C8D",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72DBD6A8-D66E-413C-B0A8-03BB4A36EFF1",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9FECC2-B252-4324-8BA6-889FE3B19E74",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "342FB182-C969-4C10-B19A-B759DAD1A7DA",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "390FCDB9-FEBB-4D6F-B54B-BE2FC5E3A376",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8606D37A-CA80-4D7B-880C-ADD39D2FE540",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C086154-AA26-4EEE-983A-3320B6F6F4F3",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B99D8B-A1CB-45B6-B9A2-E0414807A1B7",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE0F043-6356-426E-AA39-ABAFF736ECE3",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "100CEE47-7F09-48AF-A3BD-734E6E987790",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D89B768-239D-4102-A5EA-8723019A4845",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "743BE992-18D6-4C09-81FA-9EB497373D2B",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "117BA660-28EE-4C98-BE9F-23A321620B38",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "985D71E2-BBD4-4779-AB50-399BC40186B0",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9CA9C1-B6D9-490F-82ED-0ECBC09C6A40",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EE0EEB-C4B7-4C93-B65F-0219098B75D6",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D1486B-F0D4-4D4C-A11B-E3E1E6F30162",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2736B84F-D892-4602-8BE7-4329E36E3BB5",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BA40A5-F1F9-416A-AF7A-7624A2620B4F",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0.",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92E57FE-57F4-4FF5-A89C-FE4BDB804060",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83C8F4D3-FE1E-4BDC-AD32-BC570F325022",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93E9509-2B18-49D1-9B78-CC49EACFA930",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58006023-CFF1-41B3-9961-6D2728E45FE1",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C52EBC-167C-4D46-93E1-0302860D42CD",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27838D60-7CB2-464A-85CD-9F2BF94DED28",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CCD0DDB-D6EA-47D1-9E90-90D194B981E7",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D83813AD-9401-43F1-9C9A-A52F3334C05F",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8229B10B-0902-4FAC-B31D-8DB9E0A3F348",
              "versionEndExcluding": "17.1.3.1",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95965E49-EC7F-4CBE-9E1C-B0A8E3057329",
              "versionEndExcluding": "17.5.1.4",
              "versionStartIncluding": "17.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en una p\u00e1gina no revelada de la utilidad de configuraci\u00f3n de BIG-IP que podr\u00eda permitir a un atacante suplantar mensajes de error. Nota: Las versiones de software que han alcanzado el Fin de Soporte T\u00e9cnico (EoTS) no son evaluadas."
    }
  ],
  "id": "CVE-2026-20732",
  "lastModified": "2026-02-13T21:44:33.627",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 2.3,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-04T15:16:14.740",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://my.f5.com/manage/s/article/K000156644"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-451"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2026-AVI-0120

Vulnerability from certfr_avis - Published: 2026-02-05 - Updated: 2026-02-05

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	NGINX	Nginx Open Source versions 1.29.x antérieures à 1.29.5
F5	BIG-IP	BIG-IP versions 17.1.x antérieures à 17.1.3.1
F5	NGINX	Nginx Plus versions R36 antérieures à R36 P1
F5	BIG-IP	BIG-IP Container Ingress Services for Kubernetes and OpenShift versions 2.x antérieures à 2.20.2
F5	BIG-IP	BIG-IP versions 17.5.x antérieures à 17.5.1.4
F5	BIG-IP	APM Clients versions 7.2.x antérieures à 7.2.6.2
F5	BIG-IP	BIG-IP versions 21.x antérieures à 21.0.0.1
F5	BIG-IP	BIG-IP Advanced WAF/ASM versions 17.1.x antérieures à 17.1.3
F5	NGINX	Nginx Open Source versions antérieures à 1.28.2
F5	NGINX	Nginx Ingress Controller versions 3.x à 5.x sans la version corrective de Nginx plus ou Nginx Open Source
F5	NGINX	Nginx Instance Manager versions 2.x sans la version corrective de Nginx Open Source
F5	NGINX	Nginx Plus versions R32 antérieures à R32 P4
F5	NGINX	Nginx Gateway Fabric versions 1.x et 2.x sans la version corrective de Nginx plus ou Nginx Open Source
F5	NGINX	Nginx Plus versions R35 antérieures à R35 P1

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000156643	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000157960	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000159824	2026-02-05	vendor-advisory
Bulletin de sécurité F5 K000158931	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000159076	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000156644	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000158072	2026-02-04	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nginx Open Source versions 1.29.x ant\u00e9rieures \u00e0 1.29.5",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Plus versions R36 ant\u00e9rieures \u00e0 R36 P1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Container Ingress Services for Kubernetes and OpenShift versions 2.x ant\u00e9rieures \u00e0 2.20.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.5.x ant\u00e9rieures \u00e0 17.5.1.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "APM Clients versions 7.2.x ant\u00e9rieures \u00e0 7.2.6.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 21.x ant\u00e9rieures \u00e0 21.0.0.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Open Source versions ant\u00e9rieures \u00e0 1.28.2",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Ingress Controller versions 3.x \u00e0 5.x sans la version corrective de Nginx plus ou Nginx Open Source",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Instance Manager versions 2.x sans la version corrective de Nginx Open Source",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Plus versions R32 ant\u00e9rieures \u00e0 R32 P4",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Gateway Fabric versions 1.x et 2.x sans la version corrective de Nginx plus ou Nginx Open Source",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Plus versions R35 ant\u00e9rieures \u00e0 R35 P1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-1642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
    },
    {
      "name": "CVE-2026-22549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22549"
    },
    {
      "name": "CVE-2026-20730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20730"
    },
    {
      "name": "CVE-2026-22548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22548"
    },
    {
      "name": "CVE-2026-20732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20732"
    }
  ],
  "initial_release_date": "2026-02-05T00:00:00",
  "last_revision_date": "2026-02-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000156643",
      "url": "https://my.f5.com/manage/s/article/K000156643"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000157960",
      "url": "https://my.f5.com/manage/s/article/K000157960"
    },
    {
      "published_at": "2026-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000159824",
      "url": "https://my.f5.com/manage/s/article/K000159824"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000158931",
      "url": "https://my.f5.com/manage/s/article/K000158931"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000159076",
      "url": "https://my.f5.com/manage/s/article/K000159076"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000156644",
      "url": "https://my.f5.com/manage/s/article/K000156644"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000158072",
      "url": "https://my.f5.com/manage/s/article/K000158072"
    }
  ]
}

CERTFR-2026-AVI-0120

Vulnerability from certfr_avis - Published: 2026-02-05 - Updated: 2026-02-05

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	NGINX	Nginx Open Source versions 1.29.x antérieures à 1.29.5
F5	BIG-IP	BIG-IP versions 17.1.x antérieures à 17.1.3.1
F5	NGINX	Nginx Plus versions R36 antérieures à R36 P1
F5	BIG-IP	BIG-IP Container Ingress Services for Kubernetes and OpenShift versions 2.x antérieures à 2.20.2
F5	BIG-IP	BIG-IP versions 17.5.x antérieures à 17.5.1.4
F5	BIG-IP	APM Clients versions 7.2.x antérieures à 7.2.6.2
F5	BIG-IP	BIG-IP versions 21.x antérieures à 21.0.0.1
F5	BIG-IP	BIG-IP Advanced WAF/ASM versions 17.1.x antérieures à 17.1.3
F5	NGINX	Nginx Open Source versions antérieures à 1.28.2
F5	NGINX	Nginx Ingress Controller versions 3.x à 5.x sans la version corrective de Nginx plus ou Nginx Open Source
F5	NGINX	Nginx Instance Manager versions 2.x sans la version corrective de Nginx Open Source
F5	NGINX	Nginx Plus versions R32 antérieures à R32 P4
F5	NGINX	Nginx Gateway Fabric versions 1.x et 2.x sans la version corrective de Nginx plus ou Nginx Open Source
F5	NGINX	Nginx Plus versions R35 antérieures à R35 P1

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000156643	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000157960	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000159824	2026-02-05	vendor-advisory
Bulletin de sécurité F5 K000158931	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000159076	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000156644	2026-02-04	vendor-advisory
Bulletin de sécurité F5 K000158072	2026-02-04	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nginx Open Source versions 1.29.x ant\u00e9rieures \u00e0 1.29.5",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Plus versions R36 ant\u00e9rieures \u00e0 R36 P1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Container Ingress Services for Kubernetes and OpenShift versions 2.x ant\u00e9rieures \u00e0 2.20.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.5.x ant\u00e9rieures \u00e0 17.5.1.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "APM Clients versions 7.2.x ant\u00e9rieures \u00e0 7.2.6.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 21.x ant\u00e9rieures \u00e0 21.0.0.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Open Source versions ant\u00e9rieures \u00e0 1.28.2",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Ingress Controller versions 3.x \u00e0 5.x sans la version corrective de Nginx plus ou Nginx Open Source",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Instance Manager versions 2.x sans la version corrective de Nginx Open Source",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Plus versions R32 ant\u00e9rieures \u00e0 R32 P4",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Gateway Fabric versions 1.x et 2.x sans la version corrective de Nginx plus ou Nginx Open Source",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "Nginx Plus versions R35 ant\u00e9rieures \u00e0 R35 P1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-1642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
    },
    {
      "name": "CVE-2026-22549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22549"
    },
    {
      "name": "CVE-2026-20730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20730"
    },
    {
      "name": "CVE-2026-22548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22548"
    },
    {
      "name": "CVE-2026-20732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20732"
    }
  ],
  "initial_release_date": "2026-02-05T00:00:00",
  "last_revision_date": "2026-02-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000156643",
      "url": "https://my.f5.com/manage/s/article/K000156643"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000157960",
      "url": "https://my.f5.com/manage/s/article/K000157960"
    },
    {
      "published_at": "2026-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000159824",
      "url": "https://my.f5.com/manage/s/article/K000159824"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000158931",
      "url": "https://my.f5.com/manage/s/article/K000158931"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000159076",
      "url": "https://my.f5.com/manage/s/article/K000159076"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000156644",
      "url": "https://my.f5.com/manage/s/article/K000156644"
    },
    {
      "published_at": "2026-02-04",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000158072",
      "url": "https://my.f5.com/manage/s/article/K000158072"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-20732 (GCVE-0-2026-20732)

GHSA-FC72-GWGQ-7P26

FKIE_CVE-2026-20732

CERTFR-2026-AVI-0120

Solutions

CERTFR-2026-AVI-0120

Solutions

Tags

Sightings

Nomenclature