Memory Resource Utilization Issue in F5 BIG-IP
CVE-2026-59762

8.7HIGH

Key Information:

Vendor

F5

Vendor
CVE Published:
15 July 2026

What is CVE-2026-59762?

A configuration of an HTTP/2 profile on a virtual server within the F5 BIG-IP platform can be exploited through undisclosed requests, leading to increased memory resource utilization. This vulnerability permits a remote, unauthenticated attacker to degrade system performance significantly, which may ultimately result in denial-of-service (DoS) conditions if the TMM process is not manually restarted. It's crucial to note that this issue impacts data plane operations without exposing the control plane directly.

Affected Version(s)

BIG-IP 21.1.0 < 21.1.0.1

BIG-IP 21.0.0 < 21.0.0.3

BIG-IP 17.5.0 < 17.5.1.8

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

F5 acknowledges the Okta Red Team of Okta for bringing this issue to our attention and following the highest standards of coordinated disclosure.
.