CVE-2026-40618 F5 CVE debrief

Who should care

Administrators and security teams responsible for managing BIG-IP systems should be aware of this vulnerability and take immediate action to mitigate the risk. This includes reviewing system configurations, updating to patched versions, and implementing compensating controls if necessary.

Technical summary

The vulnerability exists in BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled. When an SSL profile is configured on a virtual server, undisclosed traffic can cause the TMM to terminate, resulting in a denial of service. The vulnerability affects multiple versions of BIG-IP, including 16.1.0-16.1.6, 17.1.0-17.1.3, and 17.5.0-17.5.1.

Defensive priority

This vulnerability has a high CVSS score of 8.7 and can cause significant disruption to BIG-IP systems. Immediate attention is required to mitigate the risk, especially for which the affected systems are critical or have high traffic volumes.

Recommended defensive actions

• Review BIG-IP system configurations to ensure Intel QuickAssist Technology (QAT) is utilized if available.
• Update BIG-IP systems to patched versions (17.1.4 or later, 17.5.2 or later, 16.1.7 or later).
• Implement compensating controls, such as rate limiting or traffic filtering, to reduce exposure.
• Monitor system logs and traffic patterns for signs of exploitation attempts.
• Perform regular vulnerability assessments and penetration testing to identify potential weaknesses.

Evidence notes

The CVE-2026-40618 vulnerability was identified through analysis of BIG-IP system configurations and traffic patterns. The CVSS score of 8.7 indicates high severity, and the potential impact on BIG-IP systems is significant. F5 has provided mitigation guidance and patches for affected versions.

Official resources