Description
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-02-18
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update Firmware
AI Analysis

Impact

The vulnerability resides in the Traffic Management Microkernel (TMM) of F5 BIG-IP when the Advanced Firewall Manager (AFM) or DDoS protection module is provisioned. Undisclosed traffic can trigger a NULL pointer dereference (CWE-476) in TMM, causing the TMM process to terminate and the BIG-IP system to become unavailable. The result is a denial of service for every user and network service that depends on the affected device. The CVSS v4.0 score of 8.7 (High; 7.5 under CVSS v3.1) reflects a complete loss of availability with no impact on confidentiality or integrity.

Affected Systems

The flaw affects F5 BIG-IP systems on which AFM or DDoS is provisioned; systems with neither module provisioned are not exposed to this issue. Specific product variants and versions are not enumerated in this record. The advisory notes that releases past End of Technical Support (EoTS) were not evaluated, which means their status is unknown rather than that they are unaffected; only actively supported releases were assessed.

Risk and Exploitability

The EPSS score is below 1%, suggesting a low likelihood of exploitation in the wild, and the flaw is not listed in the CISA KEV catalog. Nonetheless, the CVSS vector (AV:N/AC:L/AT:N/PR:N/UI:N) shows that an unauthenticated attacker can trigger the condition over the network with no user interaction, and a successful attempt fully disrupts availability. The attacker only needs to send the crafted traffic to a BIG-IP device that has AFM or DDoS provisioned, so any such device reachable from an untrusted network is exposed. The outage affects all services running on the device until it is rebooted or otherwise recovered.

Generated by OpenCVE AI on April 17, 2026 at 18:38 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the BIG-IP firmware to the latest supported version that contains the fix for the TMM NULL pointer dereference.
  • If an immediate upgrade is not feasible, consider temporarily de-provisioning the AFM or DDoS module, since the crash can only be triggered when one of them is provisioned.
  • Restrict the traffic that can reach the BIG-IP device (network filtering or isolation of inbound connections) until remediation is applied, so that only expected sources and protocols reach the affected interfaces.

Advisories

No advisories yet.

History

Thu, 19 Feb 2026 10:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   F5; F5 big-ip
Vendors & Products                    F5; F5 big-ip

Wed, 18 Feb 2026 18:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Feb 2026 16:30:00 +0000

Type          Values Removed   Values Added
Description                    When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title                          BIG-IP TMM Vulnerability
Weaknesses                     CWE-476
References
Metrics                        cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
                               cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-02-18T17:52:18.117Z

Reserved: 2026-02-13T22:57:30.264Z

Link: CVE-2026-2507

Vulnrichment

Updated: 2026-02-18T17:52:12.976Z

NVD

Status: Deferred

Published: 2026-02-18T17:21:36.540

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2507

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:45:25Z

Weaknesses