SB2026051422 - Privilege escalation in BIG-IP tmsh




Published: May 14, 2026

Security Bulletin ID: SB2026051422
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2026-41217)

The vulnerability allows a local privileged user to execute arbitrary system commands with higher privileges.

The vulnerability exists due to incorrect permission assignment for a critical resource in the tmsh command when the affected command is accessed locally. A local privileged user can invoke the vulnerable tmsh command to execute arbitrary system commands with higher privileges.

In Appliance mode deployments, exploitation can cross a security boundary. The issue is limited to the control plane, with no data plane exposure.


Remediation

Install the update from the vendor's website.