CVE-2026-42058

An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Credits

F5 acknowledges Abutalib Alhassan Zarban for bringing this issue to our attention and following the highest standards of coordinated disclosure.

References