CVE-2026-20732

3.1 LOW

📋 TL;DR

This vulnerability in an undisclosed BIG-IP Configuration utility page allows attackers to spoof error messages, potentially tricking users into performing unintended actions. It affects BIG-IP systems running supported software versions. Systems with End of Technical Support (EoTS) versions are not evaluated but may still be vulnerable.

💻 Affected Systems

Products:
  • F5 BIG-IP
Versions: Supported versions only (EoTS versions not evaluated)
Operating Systems: F5 TMOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects an undisclosed Configuration utility page. EoTS versions may be vulnerable but are not officially evaluated.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could spoof critical error messages to trick administrators into disabling security controls, changing configurations, or providing credentials.

🟠 Likely Case

Social engineering attacks where users are tricked into believing false error conditions, potentially leading to configuration changes or information disclosure.

🟢 If Mitigated

Limited impact with proper user training and access controls, as the vulnerability requires user interaction with spoofed messages.

🌐 Internet-Facing: MEDIUM - BIG-IP Configuration utilities are often internet-facing, but exploitation requires user interaction with spoofed content.
🏢 Internal Only: LOW - Internal users with proper training are less likely to fall for spoofed error messages.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to have access to the Configuration utility page and the ability to present spoofed content to users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check K000156644 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000156644

Restart Required: Yes

Instructions:

1. Review K000156644 for affected versions.
2. Upgrade to a fixed version.
3. Restart BIG-IP services.
4. Verify the Configuration utility functions correctly.

🔧 Temporary Workarounds

Restrict Configuration Utility Access (all)

  • Limit access to the BIG-IP Configuration utility to trusted networks and users only
  • Configure firewall rules to restrict access to BIG-IP management interfaces

User Awareness Training (all)

  • Train administrators to verify error messages and not trust unexpected prompts

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the Configuration utility
  • Monitor Configuration utility access logs for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check BIG-IP version against affected versions listed in K000156644

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify BIG-IP version is updated to fixed version and test Configuration utility functionality
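The verification step above compares the running version with the fixed versions in K000156644. The following helper is an added example (not F5 tooling and not from the advisory) that parses the `Version` field out of `tmsh show sys version` output and compares it numerically per release branch. The sample output is constructed to resemble the real command's layout, and the `FIXED_VERSIONS` table is a placeholder: the actual fixed versions must be taken from K000156644. Comparing as integer tuples rather than strings avoids the classic mistake of treating 17.1.10 as older than 17.1.9.

```python
import re

# Constructed sample modelled on the shape of `tmsh show sys version` output.
# The exact layout on a given release may differ (assumption for this example).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     17.1.1
  Build       0.0.2
  Edition     Final
  Date        Wed Dec 13 14:23:54 PST 2023
"""

# PLACEHOLDER values: the real fixed version for each branch is listed in
# K000156644 and must be filled in from that article.
FIXED_VERSIONS = {
    "17.1": "17.1.99",
    "16.1": "16.1.99",
}


def parse_version(output: str) -> tuple[int, ...]:
    """Extract the `Version` line from tmsh output as a tuple of ints."""
    match = re.search(r"^\s*Version\s+(\d+(?:\.\d+)*)", output, re.MULTILINE)
    if match is None:
        raise ValueError("no Version field found in tmsh output")
    return tuple(int(part) for part in match.group(1).split("."))


def branch(version: tuple[int, ...]) -> str:
    """Release branch key (major.minor) used to look up the fixed version."""
    return ".".join(str(part) for part in version[:2])


def is_fixed(output: str, fixed_versions: dict[str, str] = FIXED_VERSIONS):
    """True if the running version is at or above the fixed version for its
    branch, False if below, None if the branch is not in the table (unknown)."""
    running = parse_version(output)
    fixed = fixed_versions.get(branch(running))
    if fixed is None:
        return None  # branch not covered by the table: do not assume safe
    return running >= tuple(int(part) for part in fixed.split("."))


if __name__ == "__main__":
    print("running version:", parse_version(SAMPLE_TMSH_OUTPUT))
    print("fixed according to placeholder table:", is_fixed(SAMPLE_TMSH_OUTPUT))
```

A `None` result is deliberately distinct from `False`: a branch that is absent from the table (for example an EoTS release) is not evaluated by the advisory, and the card notes such systems may still be vulnerable.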

📡 Detection & Monitoring

Log Indicators:

  • Unusual Configuration utility access patterns
  • Multiple failed login attempts followed by Configuration utility access

Network Indicators:

  • Unexpected traffic to Configuration utility from untrusted sources

SIEM Query:

source="bigip_logs" AND (uri="*Configuration*" OR uri="*config*" OR uri="*admin*") AND src_ip NOT IN trusted_networks
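The SIEM query above and the two log indicators listed before it describe the same idea: flag Configuration utility requests from outside trusted networks, and flag a run of failed logins followed by a successful Configuration utility request from the same source. The script below is an added example, not part of this card or of any F5 product, that implements both rules over a handful of constructed access-log lines. The log layout is a generic httpd-style format assumed for the example, and the match patterns extend the query's `*Configuration*`, `*config*` and `*admin*` with the `/tmui/` prefix under which the BIG-IP Configuration utility is served; the trusted networks and the failed-login threshold are assumptions to be adjusted per environment.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample log lines in a generic httpd access-log layout (assumed
# format; not real BIG-IP output).
SAMPLE_LOGS = [
    '10.1.2.3 - admin [12/Mar/2026:10:01:02 +0000] "GET /tmui/Control/form HTTP/1.1" 200',
    '203.0.113.7 - - [12/Mar/2026:10:05:11 +0000] "GET /tmui/login.jsp HTTP/1.1" 200',
    '10.1.2.3 - admin [12/Mar/2026:10:06:30 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 200',
    '10.9.9.9 - - [12/Mar/2026:10:07:45 +0000] "POST /tmui/login.jsp HTTP/1.1" 401',
    '10.9.9.9 - - [12/Mar/2026:10:07:50 +0000] "POST /tmui/login.jsp HTTP/1.1" 401',
    '10.9.9.9 - admin [12/Mar/2026:10:08:02 +0000] "GET /tmui/Control/form HTTP/1.1" 200',
    "this line is deliberately malformed and must be skipped",
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# Assumed trusted management networks; replace with the real ones.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# The card's query patterns plus the Configuration utility path prefix.
CONFIG_UTILITY_PATTERNS = ("/tmui/", "configuration", "config", "admin")
# Failed logins from one source before a later success is flagged (assumption).
FAILED_LOGIN_THRESHOLD = 2


@dataclass
class Alert:
    rule: str
    src_ip: str
    detail: str


def parse_line(line: str):
    """Return a dict of fields, or None for lines that do not match the format."""
    match = LOG_RE.match(line)
    if match is None:
        return None
    fields = match.groupdict()
    fields["status"] = int(fields["status"])
    return fields


def is_trusted(ip: str, trusted=TRUSTED_NETWORKS) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable source is never treated as trusted
    return any(addr in net for net in trusted)


def is_config_utility(uri: str) -> bool:
    lowered = uri.lower()
    return any(pattern in lowered for pattern in CONFIG_UTILITY_PATTERNS)


def detect(lines, trusted=TRUSTED_NETWORKS, threshold=FAILED_LOGIN_THRESHOLD):
    """Apply both rules in log order; returns alerts in the order they fire."""
    alerts = []
    failed_logins = {}  # src_ip -> consecutive 401/403 responses on utility URIs
    for line in lines:
        event = parse_line(line)
        if event is None or not is_config_utility(event["uri"]):
            continue
        ip, status = event["ip"], event["status"]
        request = f'{event["method"]} {event["uri"]} -> {status}'
        # Rule 1: Configuration utility request from outside trusted networks.
        if not is_trusted(ip, trusted):
            alerts.append(Alert("untrusted_source", ip, request))
        # Rule 2: a run of failed logins, then a successful utility request.
        if status in (401, 403):
            failed_logins[ip] = failed_logins.get(ip, 0) + 1
        elif status == 200:
            if failed_logins.get(ip, 0) >= threshold:
                alerts.append(Alert("failed_logins_then_access", ip,
                                    f"{failed_logins[ip]} failures, then {request}"))
            failed_logins[ip] = 0
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(f"[{alert.rule}] {alert.src_ip}: {alert.detail}")
```

Note that the iControl REST request to `/mgmt/tm/sys/version` in the sample is not matched by any of the patterns: the card's query is scoped to the Configuration utility, so REST management traffic needs its own rule if you want it covered.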
