CVE-2026-20730

3.3 LOW

📋 TL;DR

A vulnerability in BIG-IP Edge Client and the browser VPN clients on Windows may allow an attacker to access sensitive information. It affects Windows users of F5's VPN client software. Only supported software versions were evaluated; End-of-Technical-Support (EoTS) versions were not assessed.

💻 Affected Systems

Products:
  • BIG-IP Edge Client
  • BIG-IP browser VPN client
Versions: Supported versions only (specific versions not provided in CVE)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects supported software versions. End-of-Technical-Support (EoTS) versions are not evaluated.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive VPN credentials, session data, or other confidential information stored or transmitted by the VPN client.

🟠

Likely Case

Information disclosure of VPN client configuration or session data that could facilitate further attacks.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) classifies this as an information-exposure vulnerability. Exploitation likely requires some level of access to, or interaction with, the VPN client.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check F5 advisory K000158931 for specific patched versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000158931

Restart Required: Yes

Instructions:

1. Review F5 advisory K000158931
2. Identify affected BIG-IP Edge Client versions
3. Upgrade to patched version from F5 downloads
4. Restart affected systems

🔧 Temporary Workarounds

Disable vulnerable VPN clients (platform: Windows)

Temporarily disable BIG-IP Edge Client and browser VPN clients until patched.

Network segmentation (platform: all)

Restrict network access to VPN clients and monitor for unusual activity.

🧯 If You Can't Patch

  • Implement strict network monitoring for VPN client connections
  • Consider alternative VPN solutions if patching is not possible

🔍 How to Verify

Check if Vulnerable:

Check BIG-IP Edge Client version against F5 advisory K000158931

Check Version:

Read the version from the BIG-IP Edge Client About dialog or from the Windows installed programs list

Verify Fix Applied:

Verify BIG-IP Edge Client version matches patched version from F5 advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual VPN client activity
  • Multiple failed VPN connections
  • Unexpected information access attempts

Network Indicators:

  • Unusual VPN traffic patterns
  • Unexpected data exfiltration from VPN clients

SIEM Query:

Search Windows event logs for BIG-IP Edge Client errors or unusual access patterns around VPN sessions
