CVE-2026-40423— BIG-IP SIP profile vulnerability
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40423
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BIG-IP SIP profile vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
F5 BIG-IP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP存在安全漏洞,该漏洞源于配置了SIP配置文件的虚拟服务器上,未公开的流量可能导致TMM终止。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-40423
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40423
请登录查看更多情报信息。
Same Patch Batch · F5 · 2026-05-13 · 51 CVEs total
| CVE-2026-41225 | 9.1 CRITICAL | iControl REST vulnerability |
| CVE-2026-41957 | 8.8 HIGH | BIG-IP and BIG-IQ Configuration utility vulnerability |
| CVE-2026-40061 | 8.7 HIGH | iControl REST and tmsh vulnerability |
| CVE-2026-32673 | 8.7 HIGH | BIG-IP scripted monitor vulnerability |
| CVE-2026-34176 | 8.7 HIGH | Knowledge Appliance mode iControl REST vulnerability |
| CVE-2026-42930 | 8.7 HIGH | Appliance mode iControl REST vulnerability |
| CVE-2026-20916 | 8.1 HIGH | BIG-IQ iControl REST vulnerability |
| CVE-2026-42945 | 8.1 HIGH | NGINX ngx_http_rewrite_module vulnerability |
| CVE-2026-41217 | 7.9 HIGH | BIG-IP tmsh vulnerability |
| CVE-2026-41956 | 7.5 HIGH | BIG-IP TMM Vulnerability |
| CVE-2026-40060 | 7.5 HIGH | BIG-IP Advanced WAF and ASM vulnerability |
| CVE-2026-40618 | 7.5 HIGH | BIG-IP SSL/TLS vulnerability |
| CVE-2026-42920 | 7.5 HIGH | BIG-IP DTLS Vulnerability |
| CVE-2026-40629 | 7.5 HIGH | BIG-IP SSL/TLS vulnerability |
| CVE-2026-41227 | 7.5 HIGH | BIG-IP HTTP/2 Layer 7 Dos Protection vulnerability |
| CVE-2026-42409 | 7.5 HIGH | BIG-IP HTTP/2 vulnerability |
| CVE-2026-39455 | 7.5 HIGH | BIG-IP Configuration utility vulnerability |
| CVE-2026-41218 | 7.5 HIGH | BIG-IP PEM iRules vulnerability |
| CVE-2026-40067 | 7.5 HIGH | BIG-IP APM Vulnerability |
| CVE-2026-39458 | 7.5 HIGH | BIG-IP DNS Cache vulnerability |
Showing top 20 of 51 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: F5
Same weakness: CWE-770
- CVE-2021-47959
WordPress Plugin WPGraphQL 1.3.5 Denial of Service - CVE-2026-44679
Tuist: Forgot password flow lacks throttling for reset email - CVE-2026-44216
Wasmtime: Panic when allocating a table exceeding the size o - CVE-2026-8468
Unbounded buffer accumulation in multipart header parsing ca - CVE-2025-14870
Allocation of Resources Without Limits or Throttling in GitL
V. Comments for CVE-2026-40423
No comments yet