CVE-2026-39459
Published: 13 May 2026
Summary
CVE-2026-39459 is a high-severity Least Privilege Violation (CWE-272) vulnerability. Its CVSS base score is 7.2 (High).
Operationally, ranked at the 20.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Review and update requirements help detect and correct least privilege violations in practice.
Access reviews verify and enforce adherence to least privilege by identifying excess permissions.
Requiring specification of intended system usage and access authorizations, plus periodic reviews, supports enforcement of least privilege.
Separation of duties is a direct mechanism to enforce least privilege by ensuring no individual receives more access than required for their isolated responsibilities.
Enforces the least privilege principle to avoid violations of minimal necessary access.
Enforcing only the minimal set of functionality implements least privilege by eliminating unneeded capabilities that could be abused.
The control mandates acknowledgment of least-privilege expectations, making violations by authorized users less likely.
Risk Executive role ensures least privilege is applied uniformly rather than left to individual system owners or projects.
NVD Description
A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of…
more
Technical Support (EoTS) are not evaluated.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)