PatchSiren cyber security CVE debrief

CVE-2026-40629 F5 CVE debrief

CVE-2026-40629 is a HIGH severity vulnerability in F5 BIG-IP products. When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. This issue affects multiple F5 BIG-IP products across various versions. The vulnerability has a CVSS score of 8.7. F5 has provided mitigation guidance.

Vendor: F5
Product: BIG-IP
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-13
Original CVE updated: 2026-06-29
Advisory published: 2026-05-13
Advisory updated: 2026-06-29

Who should care

Organizations using F5 BIG-IP products with SSL profiles configured on virtual servers should prioritize patching. This includes users of BIG-IP Access Policy Manager, Advanced Firewall Manager, Advanced Web Application Firewall, and other affected products. Security teams should review F5's advisory and implement compensating controls if immediate patching is not feasible.

Technical summary

The vulnerability lies in virtual server connection processing when an SSL profile is configured on the virtual server. Undisclosed traffic can cause the virtual server to stop accepting new client connections. Affected F5 BIG-IP versions are 16.1.0 through 16.1.6, 17.1.0 through 17.1.3, and 17.5.0 through 17.5.1. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X, that is, reachable over the network with low attack complexity and no privileges or user interaction required, with the impact confined to availability (no confidentiality or integrity impact on the vulnerable or subsequent systems).

Defensive priority

Apply the patches or mitigations F5 recommends as soon as possible. Review virtual server configurations for SSL profiles, and monitor those virtual servers both for unusual traffic patterns that could indicate exploitation attempts and for a sudden halt in new client connections, the symptom this vulnerability produces.

Recommended defensive actions

  • Apply F5 patches for affected BIG-IP products
  • Implement compensating controls to monitor and limit traffic to virtual servers with SSL profiles
  • Review virtual server configurations to identify which ones have SSL profiles attached
  • Monitor for unusual traffic patterns indicative of exploitation attempts and for virtual servers that stop accepting new connections
  • Update the asset inventory with affected F5 BIG-IP products and versions
  • Follow the vendor's mitigation guidance (F5 support article K000158978) where patching is delayed
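As an added example (not code from this debrief, from F5, or from PatchSiren), the script below triages a constructed BIG-IP inventory against the affected version ranges listed above and ranks each affected host by whether any of its virtual servers has an SSL profile attached, the condition the vulnerability requires. The inventory field names (`version`, `virtual_servers`, `ssl_profiles`), the hostnames and the versions are assumptions made for the example. Because the debrief lists only three-part version ranges, point releases inside a range (for example 16.1.6.1) are conservatively treated as affected; confirm the exact fixed builds in the F5 article before closing a finding.

```python
"""Inventory triage for CVE-2026-40629 (example added to the debrief, not F5 code).

Flags BIG-IP hosts whose version falls in an affected range and prioritizes
those with an SSL profile on at least one virtual server.  Inventory records
are constructed for the example.
"""

from typing import Dict, List, Tuple

# Affected ranges exactly as the debrief states them (inclusive on both ends).
AFFECTED_RANGES = [
    ((16, 1, 0), (16, 1, 6)),
    ((17, 1, 0), (17, 1, 3)),
    ((17, 5, 0), (17, 5, 1)),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '17.1.2.1' into (17, 1, 2, 1) so versions compare tuple-wise."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except ValueError as exc:
        raise ValueError(f"unparseable BIG-IP version {text!r}") from exc


def is_affected_version(text: str) -> bool:
    """True if the version lies inside any affected range.

    Only as many components as the range defines are compared, so a point
    release such as 16.1.6.1 is treated as inside 16.1.0-16.1.6.  This is the
    conservative reading; the debrief does not list fixed point releases.
    """
    v = parse_version(text)
    for low, high in AFFECTED_RANGES:
        prefix = v[: len(low)] + (0,) * (len(low) - len(v))  # pad short versions
        if low <= prefix <= high:
            return True
    return False


def triage(inventory: List[Dict]) -> List[Dict]:
    """Return the hosts needing action with a priority label.

    'patch-now': affected version AND an SSL profile on some virtual server
                 (the configuration the CVE requires).
    'patch':     affected version but no SSL profile seen; still schedule it,
                 because a profile can be added later.
    """
    findings = []
    for host in inventory:
        if not is_affected_version(host["version"]):
            continue
        exposed = any(vs.get("ssl_profiles") for vs in host.get("virtual_servers", []))
        findings.append(
            {
                "host": host["host"],
                "version": host["version"],
                "priority": "patch-now" if exposed else "patch",
            }
        )
    return findings


# Constructed sample inventory (hostnames, versions and profile names are made up).
SAMPLE_INVENTORY = [
    {"host": "bigip-edge-1", "version": "17.1.2",
     "virtual_servers": [{"name": "vs_https", "ssl_profiles": ["clientssl"]}]},
    {"host": "bigip-edge-2", "version": "17.5.0",
     "virtual_servers": [{"name": "vs_http", "ssl_profiles": []}]},
    {"host": "bigip-lab", "version": "17.5.2",
     "virtual_servers": [{"name": "vs_https", "ssl_profiles": ["clientssl"]}]},
    {"host": "bigip-old", "version": "16.1.6.1",
     "virtual_servers": [{"name": "vs_api", "ssl_profiles": ["clientssl", "serverssl"]}]},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['priority']:10} {f['host']:14} {f['version']}")
```

Run against the sample data, `bigip-lab` (17.5.2, outside the listed ranges) is skipped, `bigip-edge-2` is affected but has no SSL profile and gets `patch`, and the two hosts with SSL profiles get `patch-now`. Feeding the script real data only needs an export of each device's version and its virtual servers with their attached SSL profiles into the same record shape.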

Evidence notes

The CVE record and the NVD entry describe the vulnerability. F5 has published mitigation guidance in support article K000158978. The vulnerability affects multiple F5 BIG-IP products across the version ranges listed in the technical summary.

Official resources

This article was generated with AI assistance based on the supplied source corpus.