Denial of Service Vulnerability in BIG-IP Virtual Edition from F5 Networks
CVE-2026-40618

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip; Big-ip Next Spk; Big-ip Next Cnf; Big-ip Next For Kubernetes
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-40618?

A vulnerability exists in the BIG-IP Virtual Edition and on certain BIG-IP hardware platforms when an SSL profile is configured without Intel QuickAssist Technology. This flaw can be exploited if the database variable crypto.hwacceleration is set to disabled, leading to the potential termination of the Traffic Management Microkernel (TMM) due to undisclosed traffic incidents.

Affected Version(s)

BIG-IP 21.0.0 < 21.0.0.1

BIG-IP 17.5.0 < 17.1.5.4

BIG-IP 17.1.0 < 17.1.3.1

References

https://my.f5.com/manage/s/article/K000158082

vendor-advisorypatch

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

CVE-2026-40618 Data

JSON