EUVD-2026-29994
Files or Directories Accessible to External Parties (CWE-552)
GHSA-3xq5-wvjc-3jpx
6.9
CVSS 4.0
Share
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X
Lifecycle Timeline
3
CVSS changed
May 13, 2026 - 16:22 NVD
4.9 (MEDIUM)
6.9 (MEDIUM)
Analysis Generated
May 13, 2026 - 15:57 vuln.today
CVE Published
May 13, 2026 - 14:12 nvd
MEDIUM 4.9
DescriptionNVD
A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AnalysisAI
Authenticated high-privilege attackers with Resource Administrator or Administrator roles can download sensitive files from F5 BIG-IP iControl SOAP interface due to improper path validation. The vulnerability requires valid administrative credentials and does not affect versions that have reached End of Technical Support, limiting exposure to actively maintained deployments. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).