Cette page n'a pas encore été traduite dans votre langue. Affichage du contenu en anglais pendant que nous y travaillons.

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

HIGHCVE-2026-41227CVSS 7.5

CVE-2026-41227: DoS in F5 BIG-IP

Plateforme

linux

Composant

bigip

Corrigé dans

17.5.1.4

Voir sur NVD

Sauvegarder

Traduction vers votre langue…

CVE-2026-41227 describes a Denial of Service (DoS) vulnerability affecting F5 BIG-IP systems. Exploitation involves sending specially crafted HTTP/2 traffic to an HTTP/2 virtual server with Layer 7 DoS Protection enabled, leading to increased memory consumption and potential termination of the Traffic Management Microkernel (TMM) process. This can result in service outages. The vulnerability impacts versions 16.1.0 through 17.5.1.4, and a fix is available in version 17.5.1.4.

Impact et Scénarios d'Attaquetraduction en cours…

Successful exploitation of CVE-2026-41227 can lead to a complete denial of service for applications and services relying on the affected F5 BIG-IP instance. The TMM process termination effectively halts traffic processing, rendering the virtual server unavailable. The impact can range from temporary service interruptions to prolonged outages, depending on the criticality of the affected applications. While the vulnerability requires specific HTTP/2 traffic manipulation, the relative ease of crafting such payloads, combined with the potential for widespread disruption, makes it a significant concern. Organizations heavily reliant on F5 BIG-IP for load balancing and application delivery are particularly vulnerable.

Contexte d'Exploitationtraduction en cours…

CVE-2026-41227 was published on May 13, 2026. The vulnerability's severity is rated HIGH (CVSS 7.5). Currently, there are no publicly available exploits or active campaigns targeting this vulnerability. It is not listed on KEV (Known Exploited Vulnerabilities) as of the publication date. The EPSS (Exploit Prediction Score System) score is pending evaluation, but the potential for DoS impact suggests a medium to high probability of exploitation if a suitable exploit is developed and released.

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu

CISA KEVNO

Exposition InternetÉlevée

CISA SSVC

Exploitationnone

Automatisableyes

Impact Techniquepartial

Vecteur CVSS

Que signifient ces métriques?

Attack Vector: Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
Attack Complexity: Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required: Aucun — sans authentification. Aucune identifiant requis pour exploiter.
User Interaction: Aucune — attaque automatique et silencieuse. La victime ne fait rien.
Scope: Inchangé — impact limité au composant vulnérable.
Confidentiality: Aucun — aucun impact sur la confidentialité.
Integrity: Aucun — aucun impact sur l'intégrité.
Availability: Élevé — panne complète ou épuisement des ressources. Déni de service total.

Logiciel Affecté

Composantbigip

FournisseurF5

Version minimale16.1.0

Version maximale17.5.1.4

Corrigé dans17.5.1.4

Classification de Faiblesse (CWE)

CWE-770

Chronologie

Réservé2026-04-30
Publiée2026-05-13

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2026-41227 is to upgrade F5 BIG-IP to version 17.5.1.4 or later, which contains the fix. If immediate upgrade is not feasible, implement temporary workarounds. Configure a Web Application Firewall (WAF) or proxy to filter out potentially malicious HTTP/2 requests. Specifically, look for unusual header patterns or request sizes that deviate from expected traffic. Consider implementing rate limiting on HTTP/2 connections to reduce the impact of a potential attack. Monitor TMM process resource utilization closely; spikes in memory consumption could indicate exploitation attempts. After upgrading, confirm the fix by sending test HTTP/2 requests and verifying that TMM resource usage remains stable.

Comment corrigertraduction en cours…

Aplique las actualizaciones de seguridad proporcionadas por F5 para BIG-IP. Consulte la nota de seguridad K000158979 en el sitio web de F5 para obtener más detalles sobre las versiones afectadas y las actualizaciones disponibles.

Questions fréquentestraduction en cours…

What is CVE-2026-41227 — DoS in F5 BIG-IP?

CVE-2026-41227 is a high-severity Denial of Service vulnerability in F5 BIG-IP affecting versions 16.1.0–17.5.1.4. Malformed HTTP/2 traffic can cause service disruption by terminating the TMM process.

Am I affected by CVE-2026-41227 in F5 BIG-IP?

You are affected if you are running F5 BIG-IP versions 16.1.0 through 17.5.1.4 and have HTTP/2 virtual servers with Layer 7 DoS Protection enabled. Check your version immediately.

How do I fix CVE-2026-41227 in F5 BIG-IP?

Upgrade to F5 BIG-IP version 17.5.1.4 or later. As a temporary workaround, configure WAF rules to filter malicious HTTP/2 requests.

Is CVE-2026-41227 being actively exploited?

As of the publication date, there are no publicly known exploits or active campaigns targeting CVE-2026-41227, but the potential for exploitation exists.

Where can I find the official F5 advisory for CVE-2026-41227?

Refer to the official F5 Security Advisory for CVE-2026-41227 on the F5 website (link will be available upon publication).

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitement Rechercher des CVE

en directfree scan

Essayez maintenant — sans compte

scanZone.subtitle

Scan manuelSlack/email alertsContinuous monitoringWhite-label reports

Glissez-déposez votre fichier de dépendances

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Parcourir les fichiers