CVE-2026-22549
📋 TL;DR
This vulnerability in F5 BIG-IP Container Ingress Services (CIS) stems from the CIS component holding more Kubernetes permissions than it needs, which could allow reading secrets across the cluster. It affects organizations running vulnerable CIS versions in Kubernetes environments.
💻 Affected Systems
- F5 BIG-IP Container Ingress Services
📦 What is this software?
F5 BIG-IP Container Ingress Services (CIS) is a controller that runs as a pod inside a Kubernetes cluster under its own service account. It watches cluster resources (Services, Ingresses, ConfigMaps and F5 custom resources) through the Kubernetes API and pushes the corresponding load-balancing configuration to an external BIG-IP. It legitimately reads some Secrets, such as the BIG-IP login credentials it is given and the TLS certificates referenced by the Ingresses it manages, which is why its RBAC scope matters.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive Kubernetes secrets including API tokens, certificates, and credentials, potentially leading to cluster compromise and lateral movement.
Likely Case
Unauthorized access to cluster secrets could expose sensitive configuration data and credentials, enabling further reconnaissance or privilege escalation.
If Mitigated
If the CIS service account's RBAC is scoped to the namespaces and secrets it actually needs (its BIG-IP credential secret and the TLS secrets of the Ingresses it manages), an attacker abusing the excessive permissions reaches only those secrets rather than every secret in the cluster, and audit logging of secret reads makes the access visible.
🎯 Exploit Status
Exploitation requires an existing foothold: control of the CIS pod or its service account token, or another position in the cluster from which the over-broad permissions granted to CIS can be used. The page references no public exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to F5 advisory K000157960 for specific fixed versions
Vendor Advisory: https://my.f5.com/manage/s/article/K000157960
Restart Required: Yes
Instructions:
1. Review F5 advisory K000157960 for affected versions.
2. Upgrade to the patched version per F5 documentation.
3. Restart Container Ingress Services.
4. Verify functionality post-upgrade.
🔧 Temporary Workarounds
Restrict Access Controls
Implement strict RBAC and network policies: bind the CIS service account only to the namespaces and secrets it needs, and limit which workloads can reach the CIS pod.
Secret Management Hardening
Use Kubernetes secrets encryption at rest and limit secret access to the minimum required services. Note that encryption at rest protects etcd data on disk and in backups; it does not stop an identity with valid RBAC from reading secrets through the API server, so scoping RBAC is the control that addresses this issue.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate container ingress services from sensitive cluster resources
- Enforce least privilege access controls and audit all access to container ingress services
🔍 How to Verify
Check if Vulnerable:
Check F5 BIG-IP Container Ingress Services version against affected versions listed in advisory K000157960
Check Version:
kubectl get pods -n <namespace> -l app=<ingress-service> -o jsonpath='{.items[*].spec.containers[*].image}'
Verify Fix Applied:
Confirm the running image tag is a fixed version listed in K000157960, then confirm the CIS service account can no longer read secrets beyond the namespaces it manages (review the ClusterRoleBindings and RoleBindings whose subjects include the CIS service account).
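The live check for the "excessive permissions are no longer present" step is `kubectl auth can-i get secrets --all-namespaces --as=system:serviceaccount:<namespace>:<serviceaccount>`, which should answer `no` once CIS is scoped. The script below is an added example, not F5's code or part of the advisory: it answers the same question offline from the JSON that `kubectl get clusterroles,clusterrolebindings,roles,rolebindings -A -o json` would produce, reporting whether the service account can read secrets cluster-wide and in which namespaces. The service account name `bigip-ctlr`, the namespaces and the role names in the embedded sample are assumptions for illustration.

```python
import json

# Verbs that let a principal read secret contents (or enumerate them) via the API server.
READ_VERBS = {"get", "list", "watch"}


def rule_allows_secret_read(rule):
    """True if one RBAC rule grants get/list/watch on secrets in the core API group.
    A rule with resourceNames is narrower but still counts: it is still a read."""
    api_groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    verbs = set(rule.get("verbs") or [])
    return (bool(api_groups & {"", "*"})
            and bool(resources & {"secrets", "*"})
            and ("*" in verbs or bool(verbs & READ_VERBS)))


def binding_covers_service_account(binding, sa_namespace, sa_name):
    """True if the binding names the service account directly or via a group it belongs to."""
    sa_groups = {"system:serviceaccounts",
                 "system:serviceaccounts:" + sa_namespace,
                 "system:authenticated"}
    for subject in binding.get("subjects") or []:
        kind = subject.get("kind")
        if kind == "ServiceAccount":
            if subject.get("namespace") == sa_namespace and subject.get("name") == sa_name:
                return True
        elif kind == "Group" and subject.get("name") in sa_groups:
            return True
    return False


def secret_read_scope(items, sa_namespace, sa_name):
    """Return {"cluster_wide": bool, "namespaces": [...]} describing where the service
    account can read secrets, given RBAC objects as kubectl emits them with -o json."""
    roles = {}
    for obj in items:
        kind = obj.get("kind")
        if kind in ("ClusterRole", "Role"):
            ns = obj["metadata"].get("namespace", "") if kind == "Role" else ""
            roles[(kind, ns, obj["metadata"]["name"])] = obj.get("rules") or []

    cluster_wide = False
    namespaces = set()
    for obj in items:
        kind = obj.get("kind")
        if kind not in ("ClusterRoleBinding", "RoleBinding"):
            continue
        if not binding_covers_service_account(obj, sa_namespace, sa_name):
            continue
        ref = obj["roleRef"]
        binding_ns = obj["metadata"].get("namespace", "")
        if ref["kind"] == "ClusterRole":
            rules = roles.get(("ClusterRole", "", ref["name"]), [])
        else:
            rules = roles.get(("Role", binding_ns, ref["name"]), [])
        if not any(rule_allows_secret_read(r) for r in rules):
            continue
        if kind == "ClusterRoleBinding":
            cluster_wide = True   # ClusterRole bound cluster-wide: every secret is readable
        else:
            namespaces.add(binding_ns)
    return {"cluster_wide": cluster_wide, "namespaces": sorted(namespaces)}


# Constructed sample (not real cluster output): the CIS service account is bound both to an
# over-broad ClusterRole and to a namespace-scoped Role in "apps".
SAMPLE_RBAC = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRole", "metadata": {"name": "cis-overbroad"},
  "rules": [{"apiGroups": [""], "resources": ["secrets", "configmaps", "services"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "cis-overbroad"},
  "roleRef": {"kind": "ClusterRole", "name": "cis-overbroad"},
  "subjects": [{"kind": "ServiceAccount", "name": "bigip-ctlr", "namespace": "kube-system"}]},
 {"kind": "Role", "metadata": {"name": "cis-secrets-reader", "namespace": "apps"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "watch"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "cis-secrets-reader", "namespace": "apps"},
  "roleRef": {"kind": "Role", "name": "cis-secrets-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "bigip-ctlr", "namespace": "kube-system"}]}
]}
""")["items"]


def without_cluster_binding(items):
    """The hardening step: drop the cluster-wide binding so secret reads stay inside 'apps'."""
    return [o for o in items
            if not (o["kind"] == "ClusterRoleBinding" and o["metadata"]["name"] == "cis-overbroad")]


if __name__ == "__main__":
    print(secret_read_scope(SAMPLE_RBAC, "kube-system", "bigip-ctlr"))
    print(secret_read_scope(without_cluster_binding(SAMPLE_RBAC), "kube-system", "bigip-ctlr"))
```

Run it against the real cluster by replacing `SAMPLE_RBAC` with `json.load(...)["items"]` of the kubectl output above; a result with `cluster_wide` true means the fix or the RBAC scoping has not taken effect.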
📡 Detection & Monitoring
Log Indicators:
- The CIS service account reading secrets it never touched before, reading secrets in namespaces it does not manage, or listing or watching secrets cluster-wide
- A burst of 403 (forbidden) responses followed by successful secret reads from the CIS service account, which suggests someone probing what the identity can reach
Network Indicators:
- CIS talks to the Kubernetes API server as part of normal operation, so API traffic from the CIS pod is not itself suspicious. Suspicious are requests authenticated as the CIS service account that arrive from an IP other than the CIS pod (a stolen token in use elsewhere), and connections from the CIS pod to destinations other than the API server and the BIG-IP management address
SIEM Query:
source="kubernetes-audit" AND verb IN ("get","list","watch") AND objectRef.resource="secrets" AND user.username="system:serviceaccount:<cis-namespace>:<cis-serviceaccount>" AND NOT objectRef.namespace IN (<namespaces CIS manages>)
Key the query on the service account identity (user.username) rather than on userAgent: the user agent is supplied by the client, so anyone holding the token can set it to whatever they like. Secrets must be covered by the audit policy (at least Metadata level) for objectRef to be populated.
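The same logic as the query, run over audit log lines, as an added example that is not part of the original page or of F5's tooling: it flags cluster-wide secret enumeration, secret reads outside the namespaces CIS manages, and use of the CIS token from an IP that is not the CIS pod. The service account name, namespaces, IPs and audit lines are constructed for illustration.

```python
import json

# Verbs that return secret contents, or enumerate secrets for list/watch.
SECRET_READ_VERBS = {"get", "list", "watch"}


def unexpected_secret_reads(audit_lines, cis_user, allowed_namespaces, cis_pod_ips):
    """Scan Kubernetes audit events (one JSON object per line) for secret reads by the CIS
    service account that fall outside what CIS should be doing.

    Flags:
      * list/watch of secrets with no namespace in objectRef (cluster-wide enumeration);
      * any secret read in a namespace CIS is not supposed to manage;
      * requests whose sourceIPs do not include the CIS pod (token replayed elsewhere).
    Assumes an audit policy that records secrets at least at the Metadata level so objectRef
    is populated. Only ResponseComplete events are considered, so a request logged at both
    RequestReceived and ResponseComplete is counted once.
    """
    findings = []
    for raw in audit_lines:
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        if event.get("stage", "ResponseComplete") != "ResponseComplete":
            continue
        if (event.get("user") or {}).get("username") != cis_user:
            continue
        ref = event.get("objectRef") or {}
        verb = event.get("verb")
        if ref.get("resource") != "secrets" or verb not in SECRET_READ_VERBS:
            continue

        reasons = []
        namespace = ref.get("namespace")
        if namespace is None:
            reasons.append("cluster-wide %s of secrets" % verb)
        elif namespace not in allowed_namespaces:
            reasons.append("secret read outside allowed namespaces: %s" % namespace)
        source_ips = set(event.get("sourceIPs") or [])
        if source_ips and not (source_ips & cis_pod_ips):
            reasons.append("token used from unexpected source: %s" % ",".join(sorted(source_ips)))

        if reasons:
            findings.append({"auditID": event.get("auditID"), "verb": verb,
                             "namespace": namespace, "name": ref.get("name"),
                             "reasons": reasons})
    return findings


# Assumed identity of the CIS pod; adjust to the real service account and pod IP.
CIS_USER = "system:serviceaccount:kube-system:bigip-ctlr"
CIS_POD_IPS = {"10.244.1.5"}
ALLOWED_NAMESPACES = {"kube-system", "apps"}

# Constructed audit lines (not from a real cluster), trimmed to the fields the detector uses.
SAMPLE_AUDIT = [
    # Normal: CIS reads the TLS secret of an Ingress it manages, from its own pod IP.
    '{"auditID":"a1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kube-system:bigip-ctlr"},'
    '"objectRef":{"resource":"secrets","namespace":"apps","name":"web-tls"},"sourceIPs":["10.244.1.5"]}',
    # Cluster-wide list of every secret: what an over-broad ClusterRole makes possible.
    '{"auditID":"a2","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:kube-system:bigip-ctlr"},'
    '"objectRef":{"resource":"secrets"},"sourceIPs":["10.244.1.5"]}',
    # Read of a secret in an unrelated namespace from a node-network address: stolen token in use.
    '{"auditID":"a3","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kube-system:bigip-ctlr"},'
    '"objectRef":{"resource":"secrets","namespace":"payments","name":"db-credentials"},"sourceIPs":["192.168.10.77"]}',
    # The same request at RequestReceived stage: skipped so it is not counted twice.
    '{"auditID":"a3","stage":"RequestReceived","verb":"get","user":{"username":"system:serviceaccount:kube-system:bigip-ctlr"},'
    '"objectRef":{"resource":"secrets","namespace":"payments","name":"db-credentials"},"sourceIPs":["192.168.10.77"]}',
    # Another principal reading a secret: out of scope for this detector.
    '{"auditID":"a4","stage":"ResponseComplete","verb":"get","user":{"username":"kubernetes-admin"},'
    '"objectRef":{"resource":"secrets","namespace":"apps","name":"web-tls"},"sourceIPs":["192.168.10.1"]}',
]


def scan_sample():
    return unexpected_secret_reads(SAMPLE_AUDIT, CIS_USER, ALLOWED_NAMESPACES, CIS_POD_IPS)


if __name__ == "__main__":
    for finding in scan_sample():
        print(json.dumps(finding))
```

Feed it the API server's audit log file (`--audit-log-path`) line by line, or the equivalent export from the SIEM; the pod IP set should be refreshed when the CIS pod is rescheduled, otherwise every legitimate request is reported as coming from an unexpected source.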