Missing Release of Resource after Effective Lifetime in BIG-IP - CVE-2026-39455

 

Published: May 14, 2026


Vulnerability identifier: #VU131412
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-39455
CWE-ID: CWE-772
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: F5 Networks
Affected software: BIG-IP

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a missing release of a resource after its effective lifetime in the httpd process of the Configuration utility when handling undisclosed traffic while LDAP authentication is enabled. A remote attacker can send undisclosed traffic to cause a denial of service.

This is a control plane issue only and there is no data plane exposure. Only systems configured to use Lightweight Directory Access Protocol authentication are vulnerable.


How to mitigate CVE-2026-39455

Install the security update from the vendor's website.
