High severity7.2NVD Advisory· Published May 13, 2026· Updated May 13, 2026
CVE-2026-39459
CVE-2026-39459
Description
A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Patches
Vulnerability mechanics
References
1News mentions
1- F5 Patches Over 50 VulnerabilitiesSecurityWeek · May 14, 2026