Description
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-02-04
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via BIG‑IP Advanced WAF or ASM process crash
Action: Patch Immediately
AI Analysis

Impact

A misconfiguration in BIG‑IP Advanced WAF or ASM security policies can cause the bd process to terminate unexpectedly when the system receives certain undocumented requests combined with conditions outside the attacker’s direct control. The resulting crash leads to a denial of service, disrupting the availability of the protected application or virtual server. The vulnerability is a concurrency issue (CWE‑362) and does not directly affect confidentiality or integrity. The impact is limited to the affected virtual instance and the control plane managing it.

Affected Systems

F5 BIG‑IP Advanced Web Application Firewall and F5 BIG‑IP Application Security Manager are impacted. The advisory does not list specific firmware versions, but the issue applies to any active release in which the advanced WAF or ASM policy is enabled on a virtual server. End of Technical Support versions are excluded from assessment.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity. The EPSS probability is reported as less than 1 %, implying a very low expected exploitation rate at present, but it remains plausible once the vulnerability is known for public exploitation. The vulnerability is not listed in CISA’s KEV catalog. An attacker would need to craft or trigger the undocumented requests against a configured virtual server, which is possible from any network that can reach the F5 device. The crash would deplete the affected service, but no code execution or data exfiltration is possible based on the current description.

Generated by OpenCVE AI on April 18, 2026 at 14:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest F5 BIG‑IP firmware patch that addresses the bd process termination flaw.
  • If a patch is not yet available, consider disabling the Advanced WAF or ASM policy on the vulnerable virtual servers or moving the traffic off the affected device until remediation is available.
  • Restrict inbound traffic to the virtual servers to trusted IP ranges to reduce exposure to potential trigger requests.
  • Monitor system logs for unexpected bd process restarts and review any anomalous request patterns that could indicate exploitation attempts.

Generated by OpenCVE AI on April 18, 2026 at 14:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared F5 big-ip Advanced Web Application Firewall
F5 big-ip Application Security Manager
CPEs cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Vendors & Products F5 big-ip Advanced Web Application Firewall
F5 big-ip Application Security Manager

Wed, 04 Feb 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 big-ip
Vendors & Products F5
F5 big-ip

Wed, 04 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Description When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title BIG-IP Advanced WAF and ASM vulnerability
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

F5 Big-ip Big-ip Advanced Web Application Firewall Big-ip Application Security Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-02-04T16:04:59.113Z

Reserved: 2026-01-21T21:33:16.394Z

Link: CVE-2026-22548

cve-icon Vulnrichment

Updated: 2026-02-04T16:04:28.708Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-04T15:16:14.913

Modified: 2026-02-13T21:44:47.250

Link: CVE-2026-22548

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:15:04Z

Weaknesses