CVE-2024-26026

HIGH

F5 BIG-IP Next Central Manager 20.0.1-20.1.x - SQL Injection via API URI

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-26026. PoCs published by passwa11, GRTMALDET.

AI-analyzed exploit summary: This PoC exploits an unauthenticated SQL injection vulnerability in BIG-IP Next Central Manager's API to leak password hashes. It uses a time-based blind SQLi technique to extract the admin password hash character by character.

Description

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Exploits (2)

nomisec · WORKING POC · 5 stars
by passwa11 · poc
https://github.com/passwa11/CVE-2024-26026

This PoC exploits an unauthenticated SQL injection vulnerability in BIG-IP Next Central Manager's API to leak password hashes. It uses a time-based blind SQLi technique to extract the admin password hash character by character.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: F5 BIG-IP Next Central Manager (version not specified)
Authentication: none needed
Prerequisites: Network access to the target API endpoint
Analyzed by devstral-2 on Feb 16, 2026
nomisec · WORKING POC
by GRTMALDET · poc
https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026

This PoC exploits an unauthenticated SQL injection vulnerability in BIG-IP Next Central Manager's API to leak the admin password hash. It uses a blind SQL injection technique with time-based inference to extract the hash character by character.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BIG-IP Next Central Manager
Authentication: none needed
Prerequisites: Network access to the target BIG-IP Next Central Manager API endpoint
Analyzed by devstral-2 on Feb 16, 2026

References (1)

Vendor Advisory (core reference): https://my.f5.com/manage/s/article/K000138733

Scores

CVSS v3: 7.5
EPSS: 0.0716
EPSS Percentile: 93.5%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): f5/big-ip_next_central_manager 20.0.1 - 20.2.0
Published: May 08, 2024
Tracked Since: Feb 18, 2026