LDAP Authentication Vulnerability in F5 BIG-IP Configuration Utility
CVE-2026-39455

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-39455?

The F5 BIG-IP Configuration Utility can experience a vulnerability when configured for Lightweight Directory Access Protocol (LDAP) authentication. In scenarios where certain undisclosed traffic patterns occur, the httpd process is susceptible to exhausting available file descriptors. This can lead to service disruptions and impact the functionality of the utility. It's crucial for organizations using affected versions to evaluate their configurations and implement necessary security measures.

Affected Version(s)

BIG-IP 21.0.0 < 21.0.0.2

BIG-IP 17.5.0 < 17.5.1.6

BIG-IP 17.1.0 < 17.1.3.2

References

https://my.f5.com/manage/s/article/K000160874

vendor-advisorypatch

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

CVE-2026-39455 Data

JSON