CVE-2026-41954 in BIG-IPinfo

Summary

by MITRE • 05/13/2026

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

05/01/2026

Disclosure

05/13/2026

Moderation

accepted

Entry

VDB-363565

CPE

ready

CWE

CWE-200 (confirmed)

CVSS

4.9 (CNA)

EPSS

0.00070

KEV

Activities

very low

Sector

Insurance, Pharma, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41954
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41954
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41954/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!