Description
When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Traffic Management Microkernel (TMM) of F5 BIG‑IP appliances, where an attacker can send undisclosed UDP requests that cause the system to crash. Exploiting this flaw results in service termination for the affected virtual server, creating a denial‑of‑service situation that can disrupt network traffic and business operations.

Affected Systems

Affected products are F5 BIG‑IP, BIG‑IP Next CNF, and BIG‑IP Next for Kubernetes. No specific version range is provided in the advisory, but the exception note indicates that any supported version prior to end of technical support may be vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity and a significant impact if attacked. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, implying there is no publicly known exploit yet but the high CVSS suggests it is a serious risk. The likely attack vector is remote, as UDP packets can be sent from an external network to trigger the crash. Attacking an exposed virtual server with a specially crafted packet can cause the TMM to terminate, leading to a service outage until a restart or remediation occurs.

Generated by OpenCVE AI on May 13, 2026 at 17:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify which BIG‑IP product lines are in use and confirm they are still within support; if not yet upgraded, plan a replacement or support extension.
  • When an official F5 patch is released, apply it to all affected BIG‑IP, BIG‑IP Next CNF, and BIG‑IP Next for Kubernetes appliances to eliminate the crash condition.
  • Until a patch is available, restrict or filter UDP traffic to the vulnerable virtual servers at the network perimeter, or disable the classification profile on those servers.

Generated by OpenCVE AI on May 13, 2026 at 17:15 UTC.

Advisories

No advisories yet.

History

Thu, 14 May 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | F5; F5 big-ip; F5 big-ip Next Cnf; F5 big-ip Next For Kubernetes
Vendors & Products | | F5; F5 big-ip; F5 big-ip Next Cnf; F5 big-ip Next For Kubernetes

Wed, 13 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title | | BIG-IP TMM Vulnerability
Weaknesses | | CWE-121
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:13:57.444Z

Reserved: 2026-04-30T23:02:47.690Z

Link: CVE-2026-41956

Vulnrichment

Updated: 2026-05-13T16:13:52.941Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:45.737

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-41956

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T14:34:28Z
