Cyber Resilience

CVE-2026-41953

HighRCEUpdated

Published: 13 May 2026

Published
13 May 2026
Modified
24 June 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0025 16.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-41953 is a high-severity Command Injection (CWE-77) vulnerability in F5 Big-Ip Access Policy Manager. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 16.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not…

more

evaluated.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct privilege escalation via configuration object modification by authenticated high-privileged user matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41217Same product: F5 Big-Ip Access Policy Manager
CVE-2025-20029Same product: F5 Big-Ip Access Policy Manager
CVE-2025-23239Same product: F5 Big-Ip Access Policy Manager
CVE-2025-21091Same product: F5 Big-Ip Access Policy Manager
CVE-2026-41225Same product: F5 Big-Ip Access Policy Manager
CVE-2025-20058Same product: F5 Big-Ip Access Policy Manager
CVE-2025-21087Same product: F5 Big-Ip Access Policy Manager
CVE-2026-41218Same product: F5 Big-Ip Access Policy Manager
CVE-2025-20045Same product: F5 Big-Ip Access Policy Manager
CVE-2025-24320Same product: F5 Big-Ip Access Policy Manager

Affected Assets

f5
big-ip access policy manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip advanced firewall manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip advanced web application firewall
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip analytics
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip application acceleration manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip application security manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip application visibility and reporting
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip automation toolchain
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip carrier-grade nat
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip container ingress services
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
+11 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References