Description
When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  









Impact:
System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.





Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-07-15
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 big-ip
F5 big-ip Next Cnf
F5 big-ip Next For Kubernetes
F5 big-ip Next Spk
Vendors & Products F5
F5 big-ip
F5 big-ip Next Cnf
F5 big-ip Next For Kubernetes
F5 big-ip Next Spk

Wed, 15 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
Description When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.   Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title BIG-IP HTTP/2 vulnerability
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

F5 Big-ip Big-ip Next Cnf Big-ip Next For Kubernetes Big-ip Next Spk
cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-07-15T15:35:16.895Z

Reserved: 2026-07-08T15:49:43.031Z

Link: CVE-2026-59762

cve-icon Vulnrichment

Updated: 2026-07-15T15:35:08.307Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-15T19:15:14Z

Weaknesses