{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40060/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-40060"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BIG-IP Advanced WAF","BIG-IP ASM"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","web application firewall","F5","CVE-2026-40060"],"_cs_type":"advisory","_cs_vendors":["F5 Networks"],"content_html":"\u003cp\u003eCVE-2026-40060 is a denial-of-service vulnerability affecting F5 BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) modules. When a BIG-IP virtual server is configured with an Advanced WAF or ASM security policy, specially crafted, undisclosed requests can trigger the termination of the \u003ccode\u003ebd\u003c/code\u003e process. This can lead to a denial-of-service condition, impacting the availability of web applications protected by the affected BIG-IP system. The vulnerability was reported to F5 Networks and assigned a CVSS v3.1 base score of 7.5 (High). Software versions that have reached End of Technical Support (EoTS) are not evaluated.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable BIG-IP system with an Advanced WAF or ASM security policy enabled on a virtual server.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a series of undisclosed HTTP requests.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious requests to the targeted virtual server.\u003c/li\u003e\n\u003cli\u003eThe BIG-IP system processes the requests through the configured WAF/ASM security policy.\u003c/li\u003e\n\u003cli\u003eThe crafted requests trigger a fault or unhandled exception within the \u003ccode\u003ebd\u003c/code\u003e process.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ebd\u003c/code\u003e process terminates unexpectedly as a result of the crafted malicious requests.\u003c/li\u003e\n\u003cli\u003eThe termination of the \u003ccode\u003ebd\u003c/code\u003e process disrupts the normal operation of the BIG-IP system.\u003c/li\u003e\n\u003cli\u003eWeb applications protected by the affected virtual server become unavailable, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40060 results in a denial-of-service (DoS) condition, rendering web applications protected by the vulnerable BIG-IP system unavailable. The impact is high in terms of availability, as legitimate users are unable to access the affected services. This can lead to business disruption, reputational damage, and potential financial losses for organizations relying on the affected BIG-IP systems. The specific number of victims and sectors targeted will vary depending on the prevalence of the vulnerable configuration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefer to F5\u0026rsquo;s advisory K000160727 for detailed information and mitigation steps.\u003c/li\u003e\n\u003cli\u003eApply the necessary updates or workarounds provided by F5 Networks to address CVE-2026-40060 on vulnerable BIG-IP Advanced WAF and ASM deployments.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual traffic patterns or anomalies that may indicate exploitation attempts, and deploy the Sigma rule detecting \u003ccode\u003ebd\u003c/code\u003e process crashes to identify potential attacks.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting and traffic filtering mechanisms to mitigate the impact of potential denial-of-service attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:21:54Z","date_published":"2026-05-13T16:21:54Z","id":"https://feed.craftedsignal.io/briefs/2026-05-bigip-waf-dos/","summary":"CVE-2026-40060 describes a vulnerability in F5 BIG-IP Advanced WAF and ASM security policies where undisclosed requests can cause the `bd` process to terminate, leading to a denial-of-service condition.","title":"BIG-IP Advanced WAF/ASM Denial-of-Service Vulnerability (CVE-2026-40060)","url":"https://feed.craftedsignal.io/briefs/2026-05-bigip-waf-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-40060","version":"https://jsonfeed.org/version/1.1"}