CVE-2026-34019

MEDIUM

F5 BIG-IP BFD - Routing Protocol Denial of Service

Title source: manual
STIX 2.1

Description

When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://my.f5.com/manage/s/article/K000150508

Scores

CVSS v3 5.3
EPSS 0.0029
EPSS Percentile 21.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-410
Status published
Products (46)
F5/BIG-IP 16.1.0
F5/BIG-IP 17.1.0 - 17.1.3
F5/BIG-IP 17.5.0 - 17.5.1
F5/BIG-IP 21.0.0
f5/big-ip_access_policy_manager 17.5.0
f5/big-ip_access_policy_manager 17.1.0 - 17.1.2
f5/big-ip_advanced_firewall_manager 17.5.0
f5/big-ip_advanced_firewall_manager 17.1.0 - 17.1.2
f5/big-ip_advanced_web_application_firewall 17.5.0
f5/big-ip_advanced_web_application_firewall 17.1.0 - 17.1.2
... and 36 more
Published May 13, 2026
Tracked Since May 13, 2026