Which versions of F5 BIG-IP and BIG-IQ are affected by CVE-2026-32643?

F5 BIG-IP and BIG-IQ Certificate Manager contains a privilege escalation vulnerability allowing authenticated administrators to execute arbitrary system commands, expanding attack scope beyond the…. A patch is available.

F5 BIG-IP and BIG-IQ CVE-2026-32643

Q: What is the CVSS score of CVE-2026-32643?

CVE-2026-32643 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-29961 HIGH

Execution with Unnecessary Privileges (CWE-250)

2026-05-13 f5

GHSA-frv4-jxq5-mpjm

Privilege Escalation

8.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 13, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

May 13, 2026 - 16:22 NVD

8.7 (HIGH) 8.5 (HIGH)

Analysis Generated

May 13, 2026 - 15:50 vuln.today

CVE Published

May 13, 2026 - 14:12 nvd

HIGH 8.7

DescriptionNVD

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AnalysisAI

Configuration manipulation in F5 BIG-IP and BIG-IQ Certificate Manager allows authenticated attackers with high privileges to execute arbitrary commands with scope change. Attackers holding Certificate Manager role credentials can modify configuration objects to run system commands, escalating from administrative interface access to underlying system control. …

RemediationAI

Within 24 hours: identify all F5 BIG-IP and BIG-IQ instances in production and document current versions. Within 7 days: apply vendor patches referenced in F5 K000160972 to all affected systems; contact F5 support to confirm patch version applicability for your specific BIG-IP/BIG-IQ release line. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32643 vulnerability details – vuln.today

Back

F5 BIG-IP and BIG-IQ CVE-2026-32643

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

F5 BIG-IP and BIG-IQ CVE-2026-32643

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code