CVE-2026-22548 – F5 BIG-IP Authentication Bypass Vulnerability
“A simple request to the management interface could let attackers slip past authentication and reach sensitive system controls.”
This patch addresses a medium-severity vulnerability (CVE-2026-22548) affecting F5 BIG-IP systems. The issue exists in the management interface, where improper access control validation may allow attackers to bypass authentication protections under certain conditions. This weakness could allow unauthorized users to interact with restricted system functionality without valid credentials.
If exploited, an attacker with network access to the management interface could access sensitive administrative endpoints. This could expose configuration data or allow limited interaction with system components that should normally require authentication. CVE-2026-22548 carries a CVSS v3.1 score of 5.9 (Medium).
F5 released software updates that correct the authentication validation logic and strengthen access checks within the affected management components. Systems running vulnerable BIG-IP versions remain exposed until the security update is applied.
Key Details
- Affected Product: F5 BIG-IP Advanced Web Application Firewall
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-362