PatchSiren cyber security CVE debrief

CVE-2026-40435 F5 CVE debrief

CVE-2026-40435 is a vulnerability in F5 BIG-IP products in which the IP-based access restrictions configured for httpd do not cover all endpoints, so connections from addresses that should be blocked may still reach the uncovered endpoints. The vulnerability has a CVSS score of 6.9 and is classified as MEDIUM severity. Software versions that have reached End of Technical Support (EoTS) are not evaluated. The CVE was published on May 13, 2026, and modified on June 29, 2026.

Vendor: F5
Product: BIG-IP
CVSS: MEDIUM 6.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-13
Original CVE updated: 2026-06-29
Advisory published: 2026-05-13
Advisory updated: 2026-06-29

Who should care

Organizations running F5 BIG-IP products, particularly those that rely on IP-based access restrictions for httpd, should be aware of this vulnerability. They should review their configurations and apply the mitigations or patches recommended by the vendor, since the vulnerability may affect the security of their network and systems.

Technical summary

The vulnerability exists in multiple F5 BIG-IP products, including BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, and others. The issue arises from incomplete IP-based access restrictions for httpd, potentially allowing unauthorized access from blocked addresses. The vulnerability affects various versions of these products, including 16.1.0 through 16.1.6, 17.1.0 through 17.1.3, and 17.5.0 through 17.5.1.

Defensive priority

Defenders should prioritize patching or mitigating this vulnerability, especially where affected F5 BIG-IP products rely on IP-based access restrictions for httpd. They should review their configurations and apply vendor-recommended fixes to prevent potential unauthorized access.

Recommended defensive actions

  • Review and update configurations for IP-based access restrictions on httpd to ensure all endpoints are covered.
  • Apply patches or mitigations recommended by F5 for affected BIG-IP products.
  • Monitor network and system logs for requests to httpd from addresses that the access restrictions should have blocked, and for other suspicious activity related to httpd.
  • Consider compensating controls, such as additional authentication mechanisms or network segmentation.
  • Verify that all BIG-IP products and versions are up-to-date with the latest security patches.
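One way to act on the monitoring and configuration-review items above is to compare httpd access logs against the configured allowlist: any request from a non-allowlisted address that was not refused points at an endpoint the restriction did not cover. The script below is an added example written for this debrief; it is not code from F5, PatchSiren or the advisory. The combined-style log format, the CIDR allowlist and the sample log lines (with hypothetical paths) are all constructed assumptions.

```python
"""Flag httpd requests served to source addresses outside the configured allowlist.

Added example (not from the advisory or the vendor): if IP-based httpd
restrictions are meant to cover every endpoint, any request from a
non-allowlisted address that receives something other than a 403 refusal
points at an endpoint the restriction missed.
"""
import ipaddress
import re
from collections import defaultdict

# Combined-style access log line: client ip, request line, status code.
# The log format is an assumption for this example, not the product's own.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed allowlist: the addresses httpd is supposed to accept.
ALLOWLIST = ["10.0.0.0/24", "192.168.50.10/32"]

# Constructed sample log lines; the paths are hypothetical, not real endpoints.
SAMPLE_LOG = """\
10.0.0.5 - - [13/May/2026:10:00:01 +0000] "GET /example/restricted HTTP/1.1" 200 512
203.0.113.7 - - [13/May/2026:10:00:02 +0000] "GET /example/restricted HTTP/1.1" 403 199
203.0.113.7 - - [13/May/2026:10:00:03 +0000] "GET /example/unrestricted HTTP/1.1" 200 1024
198.51.100.9 - - [13/May/2026:10:00:04 +0000] "POST /example/unrestricted HTTP/1.1" 302 0
malformed line that should be skipped
"""


def parse_line(line):
    """Return (ip, path, status) or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))


def is_allowed(ip, allowlist):
    """True if ip falls within any allowlisted network; unparsable ips are not allowed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net, strict=False) for net in allowlist)


def find_uncovered_requests(log_text, allowlist):
    """Requests from non-allowlisted addresses that were not refused (status != 403).

    Each hit is evidence that the restriction did not apply to that endpoint.
    """
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, status = parsed
        if not is_allowed(ip, allowlist) and status != 403:
            hits.append({"ip": ip, "path": path, "status": status})
    return hits


def uncovered_endpoints(log_text, allowlist):
    """Group hits by path so each uncovered endpoint is listed once with its sources."""
    by_path = defaultdict(set)
    for hit in find_uncovered_requests(log_text, allowlist):
        by_path[hit["path"]].add(hit["ip"])
    return {path: sorted(ips) for path, ips in by_path.items()}


if __name__ == "__main__":
    for path, ips in uncovered_endpoints(SAMPLE_LOG, ALLOWLIST).items():
        print(f"{path}: served to non-allowlisted {', '.join(ips)}")
```

Feed it the real access log and the allowlist actually configured on the device; an empty result after patching, with the same log volume, is a useful confirmation that the restriction now covers every endpoint. Treating only 403 as a refusal is a heuristic: adjust it if your deployment answers blocked clients differently.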

Evidence notes

The CVE record and NVD details provide information on the vulnerability, its impact, and affected products. The vendor advisory (K000156604) offers specific guidance on mitigation and patches. The CVSS score and vector provide a standardized measure of the vulnerability's severity.

Official resources

This article was generated with AI assistance based on the supplied source corpus and is intended for informational purposes only.