Is there a patch available for CVE-2026-40061?

Yes, a patch is available for CVE-2026-40061. Update the affected software to the latest version immediately.

F5 BIG-IP DNS CVE-2026-40061

Q: What is the CVSS score of CVE-2026-40061?

CVE-2026-40061 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-29970 HIGH

Command Injection (CWE-77)

2026-05-13 f5

GHSA-rpj4-762v-f8r2

Command Injection

8.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 13, 2026 - 16:22 vuln.today

cvss_changed

Severity Changed

May 13, 2026 - 16:22 NVD

MEDIUM HIGH

CVSS changed

May 13, 2026 - 16:22 NVD

6.5 (MEDIUM) 8.5 (HIGH)

Analysis Generated

May 13, 2026 - 15:57 vuln.today

CVE Published

May 13, 2026 - 14:12 nvd

MEDIUM 6.5

DescriptionNVD

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AnalysisAI

Authenticated attackers with Resource Administrator or Administrator role can execute arbitrary system commands via undisclosed iControl REST or BIG-IP TMOS Shell (tmsh) commands, potentially escalating privileges and crossing security boundaries in Appliance mode deployments. CVSS 6.5 reflects high privileges required (PR:H) but high confidentiality and integrity impact. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40061 vulnerability details – vuln.today

Back

F5 BIG-IP DNS CVE-2026-40061

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

F5 BIG-IP DNS CVE-2026-40061

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code