PT-2026-40640 · F5 · Big-Ip

Published

2026-05-13

Updated

2026-05-17

CVE-2026-39455

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2

Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust available file descriptors. This results in a release of resource issue within the LDAP component.

Recommendations Update to version 17.1.3.2 or later. Update to version 17.5.1.6 or later. Update to version 21.0.0.2 or later.

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2026-39455

Affected Products

Big-Ip

PT-2026-40640 · F5 · Big-Ip

CVE-2026-39455

Weakness Enumeration

Related Identifiers

Affected Products

References · 3