Memory Resource Utilization Issue in F5 BIG-IP
CVE-2026-59762
8.7HIGH
Key Information:
- Vendor
F5
- Vendor
- CVE Published:
- 15 July 2026
What is CVE-2026-59762?
A configuration of an HTTP/2 profile on a virtual server within the F5 BIG-IP platform can be exploited through undisclosed requests, leading to increased memory resource utilization. This vulnerability permits a remote, unauthenticated attacker to degrade system performance significantly, which may ultimately result in denial-of-service (DoS) conditions if the TMM process is not manually restarted. It's crucial to note that this issue impacts data plane operations without exposing the control plane directly.
Affected Version(s)
BIG-IP 21.1.0 < 21.1.0.1
BIG-IP 21.0.0 < 21.0.0.3
BIG-IP 17.5.0 < 17.5.1.8
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
F5 acknowledges the Okta Red Team of Okta for bringing this issue to our attention and following the highest standards of coordinated disclosure.