PT-2026-40675 · F5 · Big-Ip

Published

2026-05-13

Updated

2026-05-17

CVE-2026-42920

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1

Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue can lead to an infinite loop within the TMM.

Recommendations Update to version 17.1.3.1 or later. Update to version 17.5.1.4 or later. Update to version 21.0.0.1 or later.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2026-42920

Affected Products

Big-Ip

PT-2026-40675 · F5 · Big-Ip

CVE-2026-42920

Weakness Enumeration

Related Identifiers

Affected Products

References · 3