CVE-2026-20732

LOW

BIG-IP - Info Disclosure

Title source: llm

Description

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Scores

CVSS v3 3.1
EPSS 0.0006
EPSS Percentile 17.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE
CWE-451
Status published

Affected Products (21)

f5/big-ip_access_policy_manager < 16.1.6
f5/big-ip_advanced_firewall_manager < 16.1.6
f5/big-ip_advanced_web_application_firewall < 16.1.6
f5/big-ip_analytics < 16.1.6
f5/big-ip_application_acceleration_manager < 16.1.6
f5/big-ip_application_security_manager < 16.1.6
f5/big-ip_application_visibility_and_reporting < 16.1.6
f5/big-ip_automation_toolchain < 16.1.6
f5/big-ip_carrier-grade_nat < 16.1.6
f5/big-ip_container_ingress_services < 16.1.6
f5/big-ip_ddos_hybrid_defender < 16.1.6
f5/big-ip_domain_name_system < 16.1.6
f5/big-ip_edge_gateway < 16.1.6
f5/big-ip_fraud_protection_service < 16.1.6
f5/big-ip_global_traffic_manager < 16.1.6
... and 6 more

Timeline

Published Feb 04, 2026
Tracked Since Feb 18, 2026