scaveza
Product Team
2 years ago

CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities

On May 8, F5 published advisories for two vulnerabilities in the BIG-IP Next Central Manager, a centralized management console for BIG-IP Next instances. Exploitation of these vulnerabilities can lead to the disclosure of sensitive information, such as password hashes, and allow for takeover of an affected device.

CVE-2024-21793 is an OData Injection vulnerability in the BIG-IP Next Central Manager. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request containing an OData query to a vulnerable Next Central Manager API endpoint.

CVE-2024-26026 is an SQL Injection vulnerability in the BIG-IP Next Central Manager. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request containing a SQL query to a vulnerable Next Central Manager API endpoint.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.
