Volerion logoVolerion
Volerion logoVolerion

F5 BIG-IP Traffic Management Microkernel Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when a classification profile is applied to a UDP virtual server. Under these conditions, certain undisclosed requests can lead to the termination of the Traffic Management Microkernel (TMM) process. This disruption causes a temporary outage as TMM restarts, allowing remote, unauthenticated attackers to interfere with active traffic. The issue is confined to the data plane, with no impact on the control plane.

Impact

Exploitation of this vulnerability disrupts traffic by causing the TMM process to crash and restart, creating a temporary denial-of-service condition on the BIG-IP system.

Remediation

F5 recommends removing the classification profile from UDP virtual servers until a fixed version is installed. For systems with high availability (HA) clustering, specific actions can be configured in the HA table to manage the impact of this vulnerability.

Added: May 13, 2026, 6:00 PM
Updated: May 13, 2026, 6:00 PM

Vulnerability Rating

Custom Algorithm
spread
2.2
impact
2.5
exploitability
7.6
remediation
8.3
relevance
8.2
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.