Vulnerabilities ›

CVE-2026-42930

High

CWE-35 — Weakness Type

                    Published: May 13, 2026                      ·  Modified: May 20, 2026                      ·  Source: NVD                

CVSS v3

8.7

🔗 NVD Official

📄 Description (English)

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🤖 AI Executive Summary

CVE-2026-42930 is a high-severity privilege escalation vulnerability in F5 BIG-IP systems running in Appliance mode that allows authenticated administrators to bypass operational restrictions. With a CVSS score of 8.7, this vulnerability poses significant risk to organizations relying on BIG-IP for network security and load balancing. The lack of available patches makes immediate compensating controls critical for Saudi organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 19, 2026 21:16

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), telecommunications providers (STC, Mobily), and energy sector (ARAMCO). BIG-IP systems are widely deployed in Saudi critical infrastructure for load balancing and DDoS protection. The vulnerability allows authenticated insiders with Administrator role to circumvent Appliance mode restrictions, potentially leading to unauthorized configuration changes, data exfiltration, or service disruption. Healthcare organizations using BIG-IP for secure data transmission are also at risk.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Telecommunications Energy and Utilities Healthcare Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1548 - Abuse Elevation Control Mechanism T1548.002 - Bypass User Account Control T1078 - Valid Accounts T1078.002 - Domain Accounts T1098 - Account Manipulation T1098.002 - Exchange Email Delegate Permissions T1562 - Impair Defenses T1562.008 - Disable or Modify Logs

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all BIG-IP systems in Appliance mode across your organization

2. Restrict Administrator role assignments to essential personnel only

3. Implement multi-factor authentication (MFA) for all administrative accounts

4. Enable comprehensive audit logging for all administrative actions

5. Monitor for suspicious configuration changes in BIG-IP systems



Compensating Controls (until patch available):

1. Implement network segmentation to restrict access to BIG-IP management interfaces

2. Deploy intrusion detection rules to monitor for Appliance mode bypass attempts

3. Establish role-based access control (RBAC) with principle of least privilege

4. Conduct weekly reviews of administrative account activities and configuration changes

5. Maintain offline backups of BIG-IP configurations for rapid recovery



Detection Rules:

1. Monitor for unauthorized configuration modifications in Appliance mode

2. Alert on administrative role privilege escalation attempts

3. Track changes to system restrictions and operational policies

4. Log all authentication events for Administrator accounts

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بحصر جميع أنظمة BIG-IP التي تعمل في وضع الجهاز في مؤسستك

2. قيد تعيينات دور المسؤول للموظفين الأساسيين فقط

3. طبق المصادقة متعددة العوامل (MFA) لجميع الحسابات الإدارية

4. فعّل تسجيل التدقيق الشامل لجميع الإجراءات الإدارية

5. راقب التغييرات المريبة في تكوين أنظمة BIG-IP



الضوابط التعويضية (حتى توفر التصحيح):

1. طبق تقسيم الشبكة لتقييد الوصول إلى واجهات إدارة BIG-IP

2. نشر قواعد كشف التطفل لمراقبة محاولات تجاوز وضع الجهاز

3. أنشئ التحكم في الوصول القائم على الأدوار (RBAC) مع مبدأ أقل امتياز

4. أجرِ مراجعات أسبوعية لأنشطة الحسابات الإدارية والتغييرات في التكوين

5. احتفظ بنسخ احتياطية غير متصلة من تكوينات BIG-IP للاسترجاع السريع

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.8.1.1 - User Registration and De-registration ECC 2024 A.8.2.1 - User Access Rights ECC 2024 A.8.3.1 - Management of Privileged Access Rights

🔵 SAMA CSF

SAMA CSF ID.AM-1 - Asset Management SAMA CSF PR.AC-1 - Access Control SAMA CSF PR.AC-4 - Access Rights Management SAMA CSF DE.CM-1 - System Monitoring

🟡 ISO 27001:2022

ISO 27001:2022 A.5.3 - Segregation of Duties ISO 27001:2022 A.8.2 - User Access Management ISO 27001:2022 A.8.3 - User Responsibilities ISO 27001:2022 A.8.4 - Access Rights Review

🟣 PCI DSS v4.0.1

PCI DSS 2.1 - Default Security Parameters PCI DSS 7.1 - Limit Access to System Components PCI DSS 8.1 - User Identification and Authentication

🔗 References & Sources 1

🔗

https://my.f5.com/manage/s/article/K000160876

f5sirt@f5.com

📊 CVSS Score

8.7

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score8.7

CWECWE-35

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-13

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-35

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-42930

Introduce Yourself

Sign In Required