CVE-2026-20732 | THREATINT

Description

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-04 | Updated 2026-02-04 | Assigner f5

LOW: 3.1CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

LOW: 2.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-451: User Interface (UI) Misrepresentation of Critical Information

Product status

Default status

unknown

21.0.0 (custom) before *

unaffected

17.5.0 (custom) before 17.5.1.4

affected

17.1.0 (custom) before 17.1.3.1

affected

16.1.0 (custom) before *

affected

Credits

F5 acknowledges Michał Majchrowicz, Marcin Wyczechowski, and Zbigniew Piotrak (members of the AFINE Team) for bringing this issue to our attention and following the highest standards of coordinated disclosure. finder

References

my.f5.com/manage/s/article/K000156644 vendor-advisory

cve.org (CVE-2026-20732)

nvd.nist.gov (CVE-2026-20732)

Download JSON