Vulnerability in F5 Networks Traffic Management Microkernel Affects UDP Virtual Server Configurations
CVE-2026-41956

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip; Big-ip Next Cnf; Big-ip Next For Kubernetes
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-41956?

An issue has been identified where, upon configuration of a classification profile on a UDP virtual server, an attacker can exploit undisclosed requests to cause the Traffic Management Microkernel (TMM) to terminate unexpectedly. This disruption can lead to service outages and security concerns for affected users. Organizations are advised to assess their configurations and apply the necessary patches to mitigate this vulnerability.

Affected Version(s)

BIG-IP 17.5.0 < 17.5.1.4

BIG-IP 17.1.0 < 17.1.3.1

BIG-IP 16.1.0

References

https://my.f5.com/manage/s/article/K000158038

vendor-advisorypatch

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Apr 30, 2026

Credit

CVE-2026-41956 Data

JSON