CVE-2026-32673: CWE-250 Execution with Unnecessary Privileges in F5 BIG-IP
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-32673) in F5 BIG-IP involves execution with unnecessary privileges (CWE-250) in scripted monitors. Authenticated users with Resource Administrator or Administrator roles can execute arbitrary system commands with higher privileges than intended. In appliance mode deployments, this can allow crossing security boundaries. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high confidentiality and integrity impact but no availability impact. Affected versions include 21.0.0, 17.5.0, 17.1.0, and 16.1.0. No vendor advisory or patch information is provided, and the vulnerability is not known to be exploited in the wild.
Potential Impact
An authenticated attacker with Resource Administrator or Administrator privileges can execute arbitrary system commands with elevated privileges on affected BIG-IP versions. This can compromise confidentiality and integrity of the system. In appliance mode, the attacker may cross security boundaries, potentially increasing the impact. Availability is not affected. Since exploitation requires high privileges, the risk is limited to users with significant access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Resource Administrator and Administrator roles to trusted personnel only. Monitor for unusual activity related to scripted monitors. No official remediation or temporary fix has been published by the vendor as of now.
CVE-2026-32673: CWE-250 Execution with Unnecessary Privileges in F5 BIG-IP
Description
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-32673) in F5 BIG-IP involves execution with unnecessary privileges (CWE-250) in scripted monitors. Authenticated users with Resource Administrator or Administrator roles can execute arbitrary system commands with higher privileges than intended. In appliance mode deployments, this can allow crossing security boundaries. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high confidentiality and integrity impact but no availability impact. Affected versions include 21.0.0, 17.5.0, 17.1.0, and 16.1.0. No vendor advisory or patch information is provided, and the vulnerability is not known to be exploited in the wild.
Potential Impact
An authenticated attacker with Resource Administrator or Administrator privileges can execute arbitrary system commands with elevated privileges on affected BIG-IP versions. This can compromise confidentiality and integrity of the system. In appliance mode, the attacker may cross security boundaries, potentially increasing the impact. Availability is not affected. Since exploitation requires high privileges, the risk is limited to users with significant access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Resource Administrator and Administrator roles to trusted personnel only. Monitor for unusual activity related to scripted monitors. No official remediation or temporary fix has been published by the vendor as of now.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- f5
- Date Reserved
- 2026-04-30T23:04:20.003Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a049703cbff5d8610dff365
Added to database: 5/13/2026, 3:21:39 PM
Last enriched: 5/13/2026, 4:08:06 PM
Last updated: 5/14/2026, 6:49:09 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.