Description
On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An undisclosed pattern of traffic on a configured HTTP/2 virtual server can inflate memory usage, causing the Traffic Management Microkernel (TMM) process to terminate. This leads to service interruption for the affected BIG‑IP device. The flaw is classified as CWE-770 (Allocation of Resources Without Limits or Throttling), where unchecked allocation growth can exhaust available resources.

Affected Systems

F5 BIG‑IP devices running an HTTP/2 virtual server with Layer 7 DoS Protection configured are affected. The specific versions are not listed here; software versions that have reached End of Technical Support are not evaluated.

Risk and Exploitability

The vulnerability has a CVSS v4.0 score of 8.7 (High); the CVSS v3.1 score is 7.5. No EPSS score is available, so the current exploitation probability is uncertain, though the lack of an EPSS value does not preclude exploitation. The issue is not listed in CISA KEV, so exploitation in the wild has not been confirmed there. Both CVSS vectors specify a network attack vector with no privileges or user interaction required (AV:N, PR:N, UI:N), so the attack is delivered as remote network traffic directed at the affected virtual server.

Generated by OpenCVE AI on May 13, 2026 at 17:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest F5 BIG‑IP firmware or patch that resolves the memory consumption issue.
  • If a patch is not yet available, temporarily disable HTTP/2 on the affected virtual servers.
  • Consider removing or disabling Layer 7 DoS Protection on the virtual servers until the vulnerability is formally fixed.

Generated by OpenCVE AI on May 13, 2026 at 17:15 UTC.

Advisories

No advisories yet.

History

Wed, 13 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | F5; F5 big-ip
Vendors & Products | | F5; F5 big-ip
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title | | BIG-IP HTTP/2 Layer 7 Dos Protection vulnerability
Weaknesses | | CWE-770
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:13:01.466Z

Reserved: 2026-04-30T23:04:10.867Z

Link: CVE-2026-41227

Vulnrichment

Updated: 2026-05-13T16:12:56.954Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:44.920

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-41227

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T17:30:06Z

Weaknesses