Gratis scannen

Deze pagina is nog niet vertaald naar uw taal. We werken eraan — de inhoud wordt voorlopig in het Engels weergegeven.

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

HIGHCVE-2026-41227CVSS 7.5

CVE-2026-41227: DoS in F5 BIG-IP

Platform

linux

Component

bigip

Opgelost in

17.5.1.4

Bekijk op NVD
Opslaan
Wordt vertaald naar uw taal…

CVE-2026-41227 describes a Denial of Service (DoS) vulnerability affecting F5 BIG-IP systems. Exploitation involves sending specially crafted HTTP/2 traffic to an HTTP/2 virtual server with Layer 7 DoS Protection enabled, leading to increased memory consumption and potential termination of the Traffic Management Microkernel (TMM) process. This can result in service outages. The vulnerability impacts versions 16.1.0 through 17.5.1.4, and a fix is available in version 17.5.1.4.

Impact en Aanvalsscenarioswordt vertaald…

Successful exploitation of CVE-2026-41227 can lead to a complete denial of service for applications and services relying on the affected F5 BIG-IP instance. The TMM process termination effectively halts traffic processing, rendering the virtual server unavailable. The impact can range from temporary service interruptions to prolonged outages, depending on the criticality of the affected applications. While the vulnerability requires specific HTTP/2 traffic manipulation, the relative ease of crafting such payloads, combined with the potential for widespread disruption, makes it a significant concern. Organizations heavily reliant on F5 BIG-IP for load balancing and application delivery are particularly vulnerable.

Uitbuitingscontextwordt vertaald…

CVE-2026-41227 was published on May 13, 2026. The vulnerability's severity is rated HIGH (CVSS 7.5). Currently, there are no publicly available exploits or active campaigns targeting this vulnerability. It is not listed on KEV (Known Exploited Vulnerabilities) as of the publication date. The EPSS (Exploit Prediction Score System) score is pending evaluation, but the potential for DoS impact suggests a medium to high probability of exploitation if a suitable exploit is developed and released.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingHoog

CISA SSVC

Exploitatienone
Automatiseerbaaryes
Technische Impactpartial

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H7.5HIGHAttack VectorNetworkHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeUnchangedImpact buiten het getroffen onderdeelConfidentialityNoneRisico op blootstelling van gevoelige dataIntegrityNoneRisico op ongeautoriseerde gegevenswijzigingAvailabilityHighRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Ongewijzigd — impact beperkt tot het kwetsbare component.
Confidentiality
Geen — geen vertrouwelijkheidsimpact.
Integrity
Geen — geen integriteitsimpact.
Availability
Hoog — volledige crash of uitputting van resources. Totale denial of service.

Getroffen Software

Componentbigip
LeverancierF5
Minimumversie16.1.0
Maximumversie17.5.1.4
Opgelost in17.5.1.4

Zwakheidsclassificatie (CWE)

CWE-770

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd

Mitigatie en Workaroundswordt vertaald…

The primary mitigation for CVE-2026-41227 is to upgrade F5 BIG-IP to version 17.5.1.4 or later, which contains the fix. If immediate upgrade is not feasible, implement temporary workarounds. Configure a Web Application Firewall (WAF) or proxy to filter out potentially malicious HTTP/2 requests. Specifically, look for unusual header patterns or request sizes that deviate from expected traffic. Consider implementing rate limiting on HTTP/2 connections to reduce the impact of a potential attack. Monitor TMM process resource utilization closely; spikes in memory consumption could indicate exploitation attempts. After upgrading, confirm the fix by sending test HTTP/2 requests and verifying that TMM resource usage remains stable.

Hoe te verhelpenwordt vertaald…

Aplique las actualizaciones de seguridad proporcionadas por F5 para BIG-IP. Consulte la nota de seguridad K000158979 en el sitio web de F5 para obtener más detalles sobre las versiones afectadas y las actualizaciones disponibles.

Veelgestelde vragenwordt vertaald…

What is CVE-2026-41227 — DoS in F5 BIG-IP?

CVE-2026-41227 is a high-severity Denial of Service vulnerability in F5 BIG-IP affecting versions 16.1.0–17.5.1.4. Malformed HTTP/2 traffic can cause service disruption by terminating the TMM process.

Am I affected by CVE-2026-41227 in F5 BIG-IP?

You are affected if you are running F5 BIG-IP versions 16.1.0 through 17.5.1.4 and have HTTP/2 virtual servers with Layer 7 DoS Protection enabled. Check your version immediately.

How do I fix CVE-2026-41227 in F5 BIG-IP?

Upgrade to F5 BIG-IP version 17.5.1.4 or later. As a temporary workaround, configure WAF rules to filter malicious HTTP/2 requests.

Is CVE-2026-41227 being actively exploited?

As of the publication date, there are no publicly known exploits or active campaigns targeting CVE-2026-41227, but the potential for exploitation exists.

Where can I find the official F5 advisory for CVE-2026-41227?

Refer to the official F5 Security Advisory for CVE-2026-41227 on the F5 website (link will be available upon publication).

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
livefree scan

Probeer het nu — geen account

Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.

Manual scanSlack/email alertsscanZone.capMonitorWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...