CVE-2026-40703 MEDIUM

CVE-2026-40703: BIG-IP Configuration utility CSRF vulnerability

Vendor F5

Product BIG-IP

Weakness CWE-352 · CSRF

Published May 13, 2026

Last update May 13, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

May 13, 2026 CVE published

May 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-40703

Related vulnerabilities

04Related CVE

CVE-2023-51491 WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-12554 Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function CVE-2025-22685 WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability CVE-2026-9618 PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink CVE-2023-48323 WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Identifiers

CVE CVE-2026-40703

CWE CWE-352

CVSS 5.4 / MEDIUM

Affected versions

Vendor F5

Product BIG-IP

Affected ≥ 17.5.0 and < 17.5.1.4

Vendor F5

Product BIG-IP

Affected ≥ 17.1.0 and < 17.1.3.1

Vendor F5

Product BIG-IP

Affected ≥ 16.1.0 and < *