{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/big-ip-apm/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-40067"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BIG-IP APM"],"_cs_severities":["medium"],"_cs_tags":["dos","cve-2026-40067","f5"],"_cs_type":"advisory","_cs_vendors":["F5 Networks"],"content_html":"\u003cp\u003eA denial-of-service vulnerability exists in F5 BIG-IP Access Policy Manager (APM). When an APM access policy is configured on a virtual server, sending undisclosed traffic can trigger a termination of the \u003ccode\u003eapmd\u003c/code\u003e process. This vulnerability is identified as CVE-2026-40067 and has a CVSS v3.1 base score of 7.5. Successful exploitation results in a denial of service, impacting the availability of the affected virtual server. Software versions that have reached End of Technical Support (EoTS) are not evaluated. Defenders should apply relevant patches or mitigations from F5 Networks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eDue to the limited information available, a precise attack chain cannot be defined. However, a plausible attack chain involves the following general steps:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a BIG-IP virtual server with an active APM access policy.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious network traffic. Details of the traffic are undisclosed in the vulnerability report.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted traffic to the virtual server.\u003c/li\u003e\n\u003cli\u003eThe APM processes the traffic via the \u003ccode\u003eapmd\u003c/code\u003e process.\u003c/li\u003e\n\u003cli\u003eThe vulnerability within the \u003ccode\u003eapmd\u003c/code\u003e process is triggered due to the malicious traffic.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eapmd\u003c/code\u003e process terminates unexpectedly.\u003c/li\u003e\n\u003cli\u003eThe virtual server becomes unavailable due to the termination of the \u003ccode\u003eapmd\u003c/code\u003e process.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access resources protected by the APM access policy.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40067 results in a denial-of-service condition on the targeted BIG-IP virtual server. This means legitimate users will be unable to access applications and services protected by the APM access policy. The NVD entry for this CVE lists a CVSS v3.1 base score of 7.5, indicating a high impact on availability. The number of affected organizations will depend on the prevalence of vulnerable BIG-IP APM configurations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReview and apply the mitigations or patches provided by F5 Networks in their security advisory K000161056 to address CVE-2026-40067.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for anomalies that may indicate exploitation attempts targeting BIG-IP APM (consider deploying generic DoS rules as a temporary measure).\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect BIG-IP APM apmd Process Crash\u003c/code\u003e to identify unexpected terminations of the \u003ccode\u003eapmd\u003c/code\u003e process, which could signal exploitation of CVE-2026-40067.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:22:19Z","date_published":"2026-05-13T16:22:19Z","id":"https://feed.craftedsignal.io/briefs/2026-05-f5-big-ip-apm-dos/","summary":"A vulnerability exists in F5 BIG-IP APM where, when an APM access policy is configured on a virtual server, undisclosed network traffic can cause the apmd process to terminate, resulting in a denial of service (CVE-2026-40067).","title":"F5 BIG-IP APM Undisclosed Traffic Denial-of-Service Vulnerability (CVE-2026-40067)","url":"https://feed.craftedsignal.io/briefs/2026-05-f5-big-ip-apm-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — BIG-IP APM","version":"https://jsonfeed.org/version/1.1"}