CVE-2026-42781

MEDIUM

F5 BIG-IP 16.1.0-21.1.0 - Denial of Service via ePVA Ethernet Traffic

Title source: llm
STIX 2.1

Description

When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://my.f5.com/manage/s/article/K000160862

Scores

CVSS v3 6.5
EPSS 0.0003
EPSS Percentile 8.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-835
Status published
Products (5)
F5/BIG-IP 16.1.0
F5/BIG-IP 17.1.0 - 17.1.3.1
F5/BIG-IP 17.5.0 - 17.5.1.4
F5/BIG-IP 21.0.0 - 21.0.0.1
F5/BIG-IP 21.1.0
Published May 13, 2026
Tracked Since May 13, 2026