Warning: F5 BIG-IP TMM Vulnerability Could Lead to Denial-of-Service (DoS), Patch Immediately!

• Last update: 19/02/2026
• Affected software: BIG-IP AFM and DDoS Hybrid Defender version 17.x – 17.5.1.4
• Type: Denial-of-Service (DoS)
• CVE/CVSS
  → CVE-2026-2507: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Sources

F5 - https://my.f5.com/manage/s/article/K000160003

Risks

BIG-IP TTM (Traffic Management Microkernel) vulnerability allows a remote unauthenticated attacker to send undisclosed traffic to the appliance when BIG-IP AFM or DDoS modules are provisioned, which could result in a denial-of-service on the BIG-IP system.

If exploited this could lead to service interruptions impacting availability of critical businesses.

Description

CVE-2026-2507 is a high-severity vulnerability affecting BIG-IP AFM and DDoS Hybrid Defender versions 17.x - 17.5.1.4. When BIG-IP AFM or BIG-IP DDoS Hybrid Defender is provisioned, undisclosed traffic can cause TMM to terminate.

Successful exploitation could allow a remote attacker to crash or terminate TMM, resulting in service interruptions without requiring authentication.

This vulnerability is network-based with no user interaction and no privileges required, making it particularly attractive to attackers aiming to disrupt or disable services.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

Tenable - https://www.tenable.com/cve/CVE-2026-2507