Description
When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

When a BIG‑IP DNS profile configured with DNS caching is enabled on a virtual server, traffic that is not documented or expected can trigger the Traffic Management Microkernel (TMM) to terminate. The resulting crash disables the DNS service and may impact other services that rely on DNS resolution. This is a pure denial‑of‑service vulnerability, with no known impact on confidentiality or integrity.

Affected Systems

The flaw targets F5 BIG‑IP appliances that have the DNS cache feature enabled on virtual servers. All actively supported BIG‑IP releases are vulnerable unless a vendor patch has been applied; versions that have reached End of Technical Support are excluded from the advisory.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity. The EPSS score is not available, so the current exploit probability is unknown. The vulnerability is not listed in the CISA KEV catalog, suggesting no documented public exploitation. The attack vector is inferred to be network‑based: a hostile actor or anomalous traffic sends crafted DNS requests to the BIG‑IP, causing the TMM to crash and resulting in service interruption.

Generated by OpenCVE AI on May 13, 2026 at 17:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest F5 BIG‑IP firmware version that addresses the DNS cache crash or install the specific vendor patch.
  • Disable the DNS cache feature on all virtual servers that are not required to use it until a patch is applied.
  • Monitor BIG‑IP logs for repeated TMM restarts and verify that the DNS service remains operational; adjust firewall rules to limit suspicious traffic towards the DNS service.

Generated by OpenCVE AI on May 13, 2026 at 17:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 big-ip
Vendors & Products F5
F5 big-ip

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title BIG-IP DNS Cache vulnerability
Weaknesses CWE-824
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

F5 Big-ip
cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:08:30.675Z

Reserved: 2026-04-30T23:04:27.924Z

Link: CVE-2026-39458

cve-icon Vulnrichment

Updated: 2026-05-13T16:08:26.210Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:41.223

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-39458

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T17:15:26Z

Weaknesses