CVSSv3: 7.5

CVE-2024-26026

Published: 08/05/2024 Updated: 21/11/2024

Vulnerability Summary

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor Advisories

Check Point Reference: CPAI-2024-0278
Date Published: 16 May 2024
Severity: High ...

Github Repositories

CVE-2024-26026 BIG-IP Next Central Manager API UNAUTHENTICATED SQL INJECTION link: eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/

CVE-2024-26026: BIG-IP Next Central Manager API UNAUTHENTICATED SQL INJECTION

Recent Articles

New BIG-IP Next Central Manager bugs allow device takeover
BleepingComputer • Sergiu Gatlan • 08 May 2024

F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create hidden rogue accounts on any managed assets. Next Central Manager allows administrators to control on-premises or cloud BIG-IP Next instances and services via a unified management user interface. The flaws are an SQL injection vulnerability (CVE-2024-26026) and an ODat...