CVE-2026-22549 — Execution with Unnecessary Privileges in F5 Big-ip Container Ingress Services

CWE-250 — Execution with Unnecessary Privileges4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 79.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Container Ingress Services F5 Big-ip Container Ingress Services

Timeline

PublishedFeb 4

Description

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDf5/big-ip_container_ingress_services2.0.0 — 2.2.0.2+1

▶CVEListV5f5/f5_big-ip_container_ingress_services2.0.0 — 2.20.2+1

🔴Vulnerability Details

CVEList

BIG-IP Container Ingress Services vulnerability↗2026-02-04

▶

GHSA

GHSA-qv83-wx6q-j989: A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets↗2026-02-04

▶

📋Vendor Advisories

CVE-2026-22549: A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster s...↗2026-02-04

▶