SSL Configuration Vulnerability in F5 Networks Load Balancer
CVE-2026-40629

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip; Big-ip Next Spk; Big-ip Next Cnf; Big-ip Next For Kubernetes
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-40629?

This vulnerability arises when SSL profiles are improperly configured on F5 Networks load balancers, leading to a scenario where undisclosed traffic can disrupt the processing of new client connections. This may result in service downtimes and affect the overall availability of applications relying on these systems. Users are urged to review their configurations and apply the recommended patches to mitigate potential risks.

Affected Version(s)

BIG-IP 17.5.0 < 17.5.1.4

BIG-IP 17.1.0 < 17.1.3.1

BIG-IP 16.1.0

References

https://my.f5.com/manage/s/article/K000158978

vendor-advisorypatch

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

CVE-2026-40629 Data

JSON