CVE-2026-40703— BIG-IP Configuration utility CSRF vulnerability
Possible ATT&CK Techniques 2AI
T1566.002 · Spearphishing Link T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40703
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BIG-IP Configuration utility CSRF vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
F5 BIG-IP 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP存在跨站请求伪造漏洞,该漏洞源于仪表板,可能造成配置篡改等影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-40703
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40703
请登录查看更多情报信息。
Same Patch Batch · F5 · 2026-05-13 · 51 CVEs total
| CVE-2026-41225 | 9.1 CRITICAL | iControl REST vulnerability |
| CVE-2026-41957 | 8.8 HIGH | BIG-IP and BIG-IQ Configuration utility vulnerability |
| CVE-2026-40061 | 8.7 HIGH | iControl REST and tmsh vulnerability |
| CVE-2026-42930 | 8.7 HIGH | Appliance mode iControl REST vulnerability |
| CVE-2026-32673 | 8.7 HIGH | BIG-IP scripted monitor vulnerability |
| CVE-2026-34176 | 8.7 HIGH | Knowledge Appliance mode iControl REST vulnerability |
| CVE-2026-42945 | 8.1 HIGH | NGINX ngx_http_rewrite_module vulnerability |
| CVE-2026-20916 | 8.1 HIGH | BIG-IQ iControl REST vulnerability |
| CVE-2026-41217 | 7.9 HIGH | BIG-IP tmsh vulnerability |
| CVE-2026-41218 | 7.5 HIGH | BIG-IP PEM iRules vulnerability |
| CVE-2026-39455 | 7.5 HIGH | BIG-IP Configuration utility vulnerability |
| CVE-2026-39458 | 7.5 HIGH | BIG-IP DNS Cache vulnerability |
| CVE-2026-40423 | 7.5 HIGH | BIG-IP SIP profile vulnerability |
| CVE-2026-40629 | 7.5 HIGH | BIG-IP SSL/TLS vulnerability |
| CVE-2026-42920 | 7.5 HIGH | BIG-IP DTLS Vulnerability |
| CVE-2026-40618 | 7.5 HIGH | BIG-IP SSL/TLS vulnerability |
| CVE-2026-41956 | 7.5 HIGH | BIG-IP TMM Vulnerability |
| CVE-2026-40060 | 7.5 HIGH | BIG-IP Advanced WAF and ASM vulnerability |
| CVE-2026-41227 | 7.5 HIGH | BIG-IP HTTP/2 Layer 7 Dos Protection vulnerability |
| CVE-2026-42409 | 7.5 HIGH | BIG-IP HTTP/2 vulnerability |
Showing top 20 of 51 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: F5
Same weakness: CWE-352
- CVE-2018-25334
Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag par - CVE-2018-25337
Joomla JoomOCShop 1.0 Cross-Site Request Forgery - CVE-2018-25336
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery - CVE-2018-25327
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery - CVE-2018-25321
TP-Link TL-WR720N All Versions CSRF via Administrative Inter
V. Comments for CVE-2026-40703
No comments yet