CVE-2026-40699

Published: Mag 13, 2026 Last Modified: Mag 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

643

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality

Potential Impacts:

Bypass Protection Mechanism Read Application Data

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://my.f5.com/manage/s/article/K000156734

CVE-2026-40699

Description

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter