CVE-2026-20916

HIGH WAF: High

CVSS 8.1 Published: 2026-05-13

CWE-22

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

WAF Coverage Analysis

Path Traversal High WAF Coverage

OWASP: A01:2021 Broken Access Control

930xxx - Local File Inclusion

References

my.f5.com

Back to CVE Database