Description
When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An undisclosed traffic pattern can cause the Traffic Management Microkernel (TMM) in F5 BIG‑IP to stop processing BFD packets. When BFD packets are no longer processed, the associated routing protocol can fail over, disrupting connectivity. The flaw, classified as CWE‑410, lies in the handling of BFD traffic and can result in a denial of service for BFD‑enabled sessions.

Affected Systems

F5 BIG‑IP is affected. The vulnerability is in the BFD implementation used with both static and dynamic routing protocols, in all supported BIG‑IP releases (those that have not reached End of Technical Support). No precise version numbers were supplied in the advisory.

Risk and Exploitability

With a CVSS score of 6.3, the weakness is rated medium severity. EPSS is not reported, and there is no evidence of exploitation in the KEV catalog. Exploitation requires the attacker to send traffic that causes the TMM to stop processing BFD packets. The likely attack vector is a network‑level actor who can inject custom traffic toward the device, or an internal host with BFD access, though the data does not explicitly state the vector.

Generated by OpenCVE AI on May 13, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or firmware upgrade for F5 BIG‑IP when released by F5 to fix the BFD handling issue.
  • Restrict inbound BFD traffic by configuring ACLs or firewall rules to allow only trusted routing peers to send BFD packets.
  • Disable BFD configuration on routes that are not required or migrate to a more recent BFD implementation that has been patched.

Advisories

No advisories yet.

History

Wed, 13 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 17:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | F5; F5 big-ip
Vendors & Products | | F5; F5 big-ip

Wed, 13 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title | | BIG-IP BFD vulnerability
Weaknesses | | CWE-410
References | |
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
Metrics | | cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:16:34.572Z

Reserved: 2026-04-30T23:02:33.933Z

Link: CVE-2026-34019

Vulnrichment

Updated: 2026-05-13T16:16:29.989Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:39.680

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-34019

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T17:00:14Z

Weaknesses