HIGHCVE-2026-42781Published 2026-05-13Modified 2026-05-13CNA f5

CVE-2026-42781: BIG-IP FastL4 virtual server vulnerability

When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 16.1.0
Affected Products: 1

Fix available

16.1.017.1.3.117.5.1.421.0.0.121.1.0

Patch commits

my.f5.com

Affected packages

F5 / BIG-IP
< 21.0.0.1 (from 21.0.0) · < 17.5.1.4 (from 17.5.0) · < 17.1.3.1 (from 17.1.0)
Fixed in 21.1.0, 16.1.0

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

my.f5.com

Metrics

Fix available