EUVD-2026-29967

When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-41218 BIG-IP PEM iRules vulnerability

When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End...

CVE-2026-41218 BIG-IP PEM iRules vulnerability

When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End...

CVE-2026-34019

When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached...

PT-2026-40664

Name of the Vulnerable Software and Affected Versions F5 BIG-IP affected versions not specified F5 BIG-IP Next CNF affected versions not specified F5 BIG-IP Next for Kubernetes affected versions not specified Description A stack-based overflow in the Traffic Management Microkernel TMM can be...

PT-2026-20463

Name of the Vulnerable Software and Affected Versions BIG-IP AFM and BIG-IP DDoS affected versions not specified Description Undisclosed traffic can cause Traffic Management Microkernel TMM to terminate when BIG-IP Application Firewall AFM or BIG-IP Distributed Denial of Service DDoS is...

CVE-2025-61990

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2025-34641

On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-58071 BIG-IP IPSec vulnerability

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-61960

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-48008

When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...

CVE-2025-61960

CVE-2025-61960 affects BIG-IP APM portal access. When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can trigger a NULL-pointer/related issue in TMM, causing the Traffic Management Microkernel (TMM) to terminate. This is a data-plane DoS risk ...

CVE-2025-55669 BIG-IP HTTP/2 vulnerability

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-55669 BIG-IP HTTP/2 vulnerability

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-48008 BIG-IP MPTCP vulnerability

When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...

CVE-2025-53474

CVE-2025-53474 affects F5 BIG-IP iRules via ILX::call on a virtual server, enabling a remote unauthenticated attacker to cause DoS by terminating TMM. The vulnerability is documented with concrete fixes: BIG-IP upgrades to versions where fixes were introduced (e.g., BIG-IP 17.5.x: 17.5.1.3; 17.1....

F5 Networks BIG-IP : BIG-IP iRules vulnerability (K44517780)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K44517780 advisory. When an iRule using anILX::callcommand is configured on a virtual server, undisclosed traffic...

F5 Networks BIG-IP : BIG-IP AFM DoS protection profile vulnerability (K000152341)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000152341 advisory. When a BIG-IP AFM denial-of-service DoS protection profile is configured on a virtual server, undisclosed...

PT-2025-42325

Name of the Vulnerable Software and Affected Versions F5 BIG-IP APM versions 15.1.0 through 15.1.10 F5 BIG-IP APM versions 16.1.0 through 16.1.6 F5 BIG-IP APM versions 17.1.0 through 17.1.2 F5 BIG-IP APM versions 17.5.0 through 17.5.1 F5 BIG-IP APM versions prior to 21.0.0 Description An...

EUVD-2025-24640

Malicious code in bioql PyPI...