Which versions of BIG-IP and BIG-IQ are affected by EUVD-2026-29979?

CVE-2026-40698 affects F5 BIG-IP and BIG-IQ systems and enables privilege escalation from Resource Administrator to root through SNMP configuration manipulation, creating insider threat and…. A patch is available.

How to fix or mitigate EUVD-2026-29979?

Within 24 hours: Identify all F5 BIG-IP and BIG-IQ systems in your environment and confirm current versions against F5 security advisory K000160981. Within 7 days: Apply vendor-released patches per advisory K000160981 to all affected systems, prioritizing production instances. Within 30 days: Verify patch application across all systems, review and restrict Resource Administrator role assignments to minimize credential exposure, and implement audit logging of administrative SNMP configuration changes.

BIG-IP and BIG-IQ EUVD-2026-29979

Q: What is the CVSS score of EUVD-2026-29979?

EUVD-2026-29979 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-40698 HIGH

Command Injection (CWE-77)

2026-05-13 f5

GHSA-r6m3-x9hj-j6gx

Privilege Escalation Command Injection

8.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 13, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

May 13, 2026 - 16:22 NVD

8.7 (HIGH) 8.5 (HIGH)

Analysis Generated

May 13, 2026 - 15:48 vuln.today

CVE Published

May 13, 2026 - 14:12 nvd

HIGH 8.7

DescriptionNVD

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AnalysisAI

Command injection in F5 BIG-IP and BIG-IQ SNMP configuration allows highly privileged Resource Administrators to escalate privileges to root via crafted iControl REST API calls or TMOS shell commands. Despite the high CVSS score (8.7), exploitation requires existing Resource Administrator credentials, significantly limiting real-world attack surface to insider threats or post-compromise scenarios. …

RemediationAI

Within 24 hours: Identify all F5 BIG-IP and BIG-IQ systems in your environment and confirm current versions against F5 security advisory K000160981. Within 7 days: Apply vendor-released patches per advisory K000160981 to all affected systems, prioritizing production instances. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-29979 vulnerability details – vuln.today

Back

BIG-IP and BIG-IQ EUVD-2026-29979

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

BIG-IP and BIG-IQ EUVD-2026-29979

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code