
BIG-IP Container Ingress Services CVE-2026-22549

MEDIUM
Execution with Unnecessary Privileges (CWE-250)
2026-02-04 f5sirt@f5.com
4.9
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Feb 04, 2026 - 16:16 (nvd), MEDIUM 4.9

Description (CVE.org)

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Analysis (AI)

F5 BIG-IP Container Ingress Services contains an improper privilege management flaw that allows high-privileged users to read sensitive cluster secrets beyond their intended authorization scope. An authenticated attacker with elevated permissions could exploit this vulnerability to gain unauthorized access to confidential Kubernetes cluster data. …


Vulnerability Assessment (AI)

Risk Assessment: CVSS 4.9 (MEDIUM). …
Exploit Scenario: An attacker could exploit this vulnerability to read cluster secrets using excessive permissions.
Remediation: Monitor vendor advisories for a patch. …

Recommended Action (AI)

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …


CVE-2025-20029 HIGH
8.7 Feb 05

F5 BIG-IP contains an authenticated command injection in the iControl REST API and TMOS Shell (tmsh) save command. Authe

CVE-2025-21087 HIGH
8.9 Feb 05

When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclo

CVE-2025-41433 HIGH
8.7 May 07

When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is conf

CVE-2025-21091 HIGH
8.7 Feb 05

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilizatio

CVE-2025-36504 HIGH
8.7 May 07

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase i

CVE-2025-31644 HIGH
8.5 May 07

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS

CVE-2026-20732 LOW
3.1 Feb 04

BIG-IP Access Policy Manager is affected by user interface (UI) misrepresentation of critical information (CVSS 3.1).

CVE-2025-54500 MEDIUM
6.9 Aug 13

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to bre

CVE-2025-52585 HIGH
8.7 Aug 13

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diff

CVE-2025-41414 HIGH
8.7 May 07

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate

CVE-2025-41399 HIGH
8.7 May 07

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can c

CVE-2025-24320 MEDIUM
5.1 Feb 05

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that


CVE-2026-22549 vulnerability details – vuln.today
