Description
When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

When a BIG‑IP APM access policy is active on a virtual server, undisclosed traffic can cause the apmd process to terminate. The crash of apmd disables the APM component, resulting in a denial of service for all connections managed by that policy. The vulnerability is rated CVSS 8.7, indicating a high‑severity outage risk.

Affected Systems

The flaw affects F5 BIG‑IP devices that implement APM access policies. No individual firmware versions are listed; however, the advisory notes that versions no longer receiving technical support are excluded from the evaluation.

Risk and Exploitability

The CVSS score reflects the extent of availability loss. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, suggesting no publicly documented exploitation yet, but the lack of data does not imply absence of risk. An attacker can likely trigger the crash by sending specially crafted traffic to the virtual server that is routed through the vulnerable APM policy. With remote access to the network segment and the ability to generate such traffic, an attacker could incapacitate the BIG‑IP device’s APM service.

Generated by OpenCVE AI on May 13, 2026 at 16:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest F5 BIG‑IP firmware patch that resolves the apmd termination issue.
  • If no patch is yet available, disable or remove the affected APM access policy from the virtual server until a fix is released.
  • Restrict inbound traffic to the virtual server with security groups or firewall rules to limit the opportunity for malicious traffic to reach the APM component.
  • Continuously monitor apmd process logs for unexpected terminations and apply additional hardening, such as limiting the size and format of packets processed by the policy.



Advisories

No advisories yet.

History

Wed, 13 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 17:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | F5; F5 big-ip
Vendors & Products | | F5; F5 big-ip

Wed, 13 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title | | BIG-IP APM Vulnerability
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:16:07.266Z

Reserved: 2026-04-30T23:02:33.947Z

Link: CVE-2026-40067

Vulnrichment

Updated: 2026-05-13T16:16:01.186Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:42.427

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-40067

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T17:00:14Z
