Description
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the BIG-IP Advanced WAF or ASM security policy allows an attacker to send undisclosed requests that cause the bd process to terminate abruptly. The resulting crash leads to a denial of service for the virtual server on which the WAF or ASM policy is configured, potentially disrupting traffic to any services that rely on that protected virtual server. The weakness is classified as CWE-252 (Unchecked Return Value), indicating that the process does not properly handle or validate certain inputs.

Affected Systems

The vulnerability affects F5 BIG-IP devices on which the Advanced Web Application Firewall (WAF) or Application Security Manager (ASM) module is provisioned and a security policy is attached to a virtual server. No specific software or policy versions are listed, so any installation of those modules should be treated as potentially at risk until a vendor-supplied update is applied.

Risk and Exploitability

The CVSS score of 8.7 places this issue in the high severity range, and while the EPSS score is not available, the lack of an EPSS rating does not imply lower risk. The vulnerability is not listed in the CISA KEV catalog, but that does not diminish the need for prompt remediation. The attacker likely needs to craft and send HTTP or similar undisclosed requests to the affected virtual server; the exact trigger is not detailed, but the recorded CVSS vector (AV:N/AC:L/PR:N/UI:N, availability impact high) is consistent with unauthenticated remote exploitation over the network. Given the high CVSS score and the disruptive impact, this flaw should be treated with high priority.

Generated by OpenCVE AI on May 13, 2026 at 16:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any F5 software or policy update that addresses the bd process termination issue
  • If a patch is not immediately available, isolate the affected virtual server or restrict inbound traffic to it with a separate firewall or ACL to reduce exposure to suspicious requests
  • Implement monitoring or alerting to detect sudden bd process crashes, and automatically restart the service or trigger fail-over mechanisms


Advisories

No advisories yet.

History

Wed, 13 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 17:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | F5; F5 big-ip
Vendors & Products | | F5; F5 big-ip

Wed, 13 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title | | BIG-IP Advanced WAF and ASM vulnerability
Weaknesses | | CWE-252
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:12:34.820Z

Reserved: 2026-04-30T23:04:10.878Z

Link: CVE-2026-40060

Vulnrichment

Updated: 2026-05-13T16:12:29.326Z

NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:42.143

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-40060

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T17:00:14Z

Weaknesses