{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/big-ip-configuration-utility/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-39455"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BIG-IP Configuration utility"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","cve"],"_cs_type":"advisory","_cs_vendors":["F5 Networks"],"content_html":"\u003cp\u003eCVE-2026-39455 affects the F5 BIG-IP Configuration utility. When the utility is configured to use Lightweight Directory Access Protocol (LDAP) for authentication, a specific type of undisclosed network traffic can trigger a denial-of-service condition. This occurs due to the httpd process exhausting available file descriptors, preventing legitimate users from accessing or managing the BIG-IP system. Exploitation requires the BIG-IP system to be configured for LDAP authentication. Software versions that have reached End of Technical Support (EoTS) are not evaluated.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends undisclosed traffic to the BIG-IP Configuration utility.\u003c/li\u003e\n\u003cli\u003eThe BIG-IP Configuration utility attempts to process the malicious traffic via the httpd process.\u003c/li\u003e\n\u003cli\u003eDue to the nature of the traffic and the LDAP configuration, the httpd process starts to open file descriptors.\u003c/li\u003e\n\u003cli\u003eThe attacker continues to send the malicious traffic, causing the httpd process to rapidly consume available file descriptors.\u003c/li\u003e\n\u003cli\u003eThe httpd process reaches the system\u0026rsquo;s limit on open file descriptors.\u003c/li\u003e\n\u003cli\u003eSubsequent requests to the httpd process fail, as it cannot open new file descriptors to handle them.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access the BIG-IP Configuration utility, resulting in a denial-of-service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful attack exploiting CVE-2026-39455 results in a denial-of-service condition, rendering the BIG-IP Configuration utility inaccessible. Administrators are unable to manage or configure the BIG-IP system via the web interface, potentially impacting network operations and security. The severity is rated as High by F5 Networks with a CVSS v3.1 score of 7.5.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for unusual patterns or high request rates targeting the BIG-IP Configuration utility to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential file descriptor exhaustion events related to the httpd process.\u003c/li\u003e\n\u003cli\u003eRefer to F5\u0026rsquo;s advisory K000160874 for mitigation guidance and software updates.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:21:23Z","date_published":"2026-05-13T16:21:23Z","id":"https://feed.craftedsignal.io/briefs/2026-05-bigip-ldap-dos/","summary":"CVE-2026-39455 describes a denial-of-service vulnerability in the BIG-IP Configuration utility when configured with LDAP authentication, where undisclosed traffic can cause the httpd process to exhaust file descriptors.","title":"BIG-IP Configuration Utility LDAP Authentication Denial-of-Service (CVE-2026-39455)","url":"https://feed.craftedsignal.io/briefs/2026-05-bigip-ldap-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — BIG-IP Configuration Utility","version":"https://jsonfeed.org/version/1.1"}