CVE-2026-42781

MEDIUM

F5 BIG-IP 16.1.0-21.1.0 - Denial of Service via ePVA Ethernet Traffic

Title source: llm
STIX 2.1

Description

When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://my.f5.com/manage/s/article/K000160862

Scores

CVSS v3 6.5
EPSS 0.0018
EPSS Percentile 7.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-835
Status published
Products (47)
F5/BIG-IP 16.1.0
F5/BIG-IP 17.1.0 - 17.1.3.1
F5/BIG-IP 17.5.0 - 17.5.1.4
F5/BIG-IP 21.0.0 - 21.0.0.1
F5/BIG-IP 21.1.0
f5/big-ip_access_policy_manager 21.0.0
f5/big-ip_access_policy_manager 17.1.0 - 17.1.3
f5/big-ip_advanced_firewall_manager 21.0.0
f5/big-ip_advanced_firewall_manager 17.1.0 - 17.1.3
f5/big-ip_advanced_web_application_firewall 21.0.0
... and 37 more
Published May 13, 2026
Tracked Since May 13, 2026