{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/big-ip-virtual-edition-ve/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-40618"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BIG-IP Virtual Edition (VE)"],"_cs_severities":["medium"],"_cs_tags":["cve","dos","big-ip"],"_cs_type":"advisory","_cs_vendors":["F5 Networks","Intel"],"content_html":"\u003cp\u003eCVE-2026-40618 affects F5 BIG-IP Virtual Edition (VE) and hardware platforms where the Traffic Management Microkernel (TMM) can be terminated due to undisclosed traffic conditions. This occurs when an SSL profile is configured on a virtual server without Intel QuickAssist Technology (QAT) support, or when the database variable \u003ccode\u003ecrypto.hwacceleration\u003c/code\u003e is set to disabled. Exploitation results in a denial-of-service condition, impacting availability. F5 has not evaluated software versions that have reached End of Technical Support (EoTS). The vulnerability was reported on May 13, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable BIG-IP VE instance without Intel QAT or with \u003ccode\u003ecrypto.hwacceleration\u003c/code\u003e disabled.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts specific network traffic targeting a virtual server configured with an SSL profile.\u003c/li\u003e\n\u003cli\u003eThe malicious traffic is sent to the targeted BIG-IP VE instance.\u003c/li\u003e\n\u003cli\u003eDue to a calculation error (CWE-131) when processing the SSL traffic, the Traffic Management Microkernel (TMM) experiences a fault.\u003c/li\u003e\n\u003cli\u003eThe TMM process terminates unexpectedly.\u003c/li\u003e\n\u003cli\u003eThe BIG-IP system experiences a denial-of-service condition, as the TMM is responsible for handling traffic.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access services provided by the BIG-IP VE instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40618 results in a denial-of-service condition on the affected BIG-IP VE instance. This means that the device becomes unavailable, disrupting network services and potentially impacting business operations. The severity is rated high due to the ease of exploitation (low attack complexity, no privileges required).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for anomalous SSL connections that may be attempting to trigger the vulnerability (see Sigma rule \u003ccode\u003eDetect Unusual SSL Traffic to BIG-IP\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eRefer to F5\u0026rsquo;s advisory K000158082 for specific mitigation steps and recommended configurations.\u003c/li\u003e\n\u003cli\u003eEnable Intel QuickAssist Technology (QAT) on BIG-IP VE instances where possible to prevent exploitation if the root cause relates to software crypto implementation.\u003c/li\u003e\n\u003cli\u003eEnsure that the \u003ccode\u003ecrypto.hwacceleration\u003c/code\u003e database variable is properly configured according to F5\u0026rsquo;s recommendations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:22:47Z","date_published":"2026-05-13T16:22:47Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40618/","summary":"CVE-2026-40618 describes a vulnerability in F5 BIG-IP Virtual Edition (VE) where specific traffic can cause the Traffic Management Microkernel (TMM) to terminate when an SSL profile is configured without Intel QuickAssist Technology (QAT) or with crypto.hwacceleration disabled, potentially leading to a denial-of-service.","title":"BIG-IP VE TMM Termination Vulnerability (CVE-2026-40618)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40618/"}],"language":"en","title":"CraftedSignal Threat Feed — BIG-IP Virtual Edition (VE)","version":"https://jsonfeed.org/version/1.1"}