← Back

CVE-2026-40618

nvd nist
Published: May 13, 2026Modified: Jun 29, 2026

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: f5sirt@f5.com (Secondary)

Description

When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (89)

24 products
Big Ip Access Policy Manager
Big Ip Advanced Firewall Manager
Big Ip Analytics
Big Ip Automation Toolchain
Big Ip Carrier Grade Nat
Big Ip Container Ingress Services
Big Ip Ddos Hybrid Defender
Big Ip Domain Name System
Big Ip Edge Gateway
Big Ip Fraud Protection Service
Big Ip Global Traffic Manager
Big Ip Link Controller
Big Ip Local Traffic Manager
Big Ip Policy Enforcement Manager
Big Ip Ssl Orchestrator
Big Ip Webaccelerator
Big Ip Websafe
Big Ip Next For Kubernetes
Configuration A
42 vulnerable
Vulnerable SoftwareAffected Versions
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
F5
From 17.1.0 to 17.1.3
From 17.5.0 to 17.5.1
Configuration B
21 vulnerable
Vulnerable SoftwareAffected Versions
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
From 16.1.0 to 16.1.6
Configuration C
21 vulnerable
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
F5
From 1.7.0 to 1.9.2
From 2.0.0 to 2.0.3
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
F5
From 1.1.0 to 1.4.1
From 2.0.0 to 2.2.1
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
From 2.0.0 to 2.1.1

References (1)

Source: f5sirt@f5.com
MitigationVendor Advisory

Timeline

No history available yet.