F5 Networks BIG-IP : BIG-IP DTLS vulnerability (K000160901)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160901 advisory. When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server,...

F5 Networks BIG-IP : BIG-IP TMM vulnerability (K000158038)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000158038 advisory. When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the...

F5 Networks BIG-IP : BIG-IP HTTP/2 Layer 7 DoS Protection vulnerability (K000158979)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158979 advisory. On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase...

F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000159034)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000159034 advisory. When an HTTP/2 profile and an iRule containing theHTTP::redirectorHTTP::respondcommand are configured ...

EUVD-2026-29976

When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition VE without Intel QuickAssist Technology QAT or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic can cause the Traffic Management Microkernel TMM to...

EUVD-2026-29990

When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2026-29987

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-42920

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40423

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-39458 BIG-IP DNS Cache vulnerability

When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-39458

CVE-2026-39458 affects BIG-IP DNS when a DNS cache profile is enabled on a virtual server, causing the Traffic Management Microkernel (TMM) to terminate and disrupt traffic (DoS). Exploitation details are not provided in the documents. Affected/fixed status per F5 advisory: BIG-IP (all modules) 2...

CVE-2026-41227 BIG-IP HTTP/2 Layer 7 Dos Protection vulnerability

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-42409 BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are...

CVE-2026-41227

CVE-2026-41227 affects BIG-IP with HTTP/2 Layer 7 DoS Protection enabled. Undisclosed traffic can trigger a memory increase that causes the Traffic Management Microkernel (TMM) process to terminate, leading to DoS on the data plane. The advisory notes EoTS-filtering is applied to evaluation, and ...

CVE-2026-42409 BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are...

CVE-2026-42409

CVE-2026-42409 affects BIG-IP: when an HTTP/2 profile is used with an iRule containing HTTP::redirect or HTTP::respond on a virtual server, undisclosed requests can crash the Traffic Management Microkernel (TMM), causing DoS. Evidence in connected docs shows affected products: BIG-IP (all modules...

CVE-2026-42920 BIG-IP DTLS Vulnerability

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40618

CVE-2026-40618 affects BIG-IP SSL/TLS when an SSL profile is on a virtual server and either QAT is not available (VE) or crypto.hwacceleration is disabled on hardware. This can cause TMM to terminate, resulting in a data-plane DoS with traffic disruption as TMM restarts. Affected BIG-IP lines inc...

CVE-2026-41218 BIG-IP PEM iRules vulnerability

When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End...

CVE-2026-42781

The CVE-2026-42781 issue affects BIG-IP with embedded ePVA acceleration enabled. A local network attacker can cause the ePVA/TMM to escalate resource utilization, degrading system performance and potentially causing DoS on vulnerable rSeries/VELOS deployments that support ePVA. That impact is a d...