CVE-2026-34019: CWE-410: Insufficient Resource Pool in F5 BIG-IP
When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-34019) affects F5 BIG-IP devices running specific versions when BFD is enabled for static and dynamic routing. The issue stems from insufficient resource handling in the Traffic Management Microkernel, which can be overwhelmed by certain traffic, causing it to stop processing BFD packets. This disruption results in the failure of routing protocol failover mechanisms, potentially impacting network stability. The vulnerability is tracked under CWE-410 (Insufficient Resource Pool). There is no vendor advisory or patch available at this time, and the affected software versions are still under support.
Potential Impact
The impact is a denial of service condition on the routing protocol failover functionality due to the Traffic Management Microkernel ceasing to process BFD packets. This could lead to routing instability or failover failure in networks relying on BFD with static or dynamic routing protocols on affected BIG-IP versions. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling BFD if feasible or implementing network-level controls to limit exposure to undisclosed traffic that may trigger this condition. Monitor vendor communications for updates.
CVE-2026-34019: CWE-410: Insufficient Resource Pool in F5 BIG-IP
Description
When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-34019) affects F5 BIG-IP devices running specific versions when BFD is enabled for static and dynamic routing. The issue stems from insufficient resource handling in the Traffic Management Microkernel, which can be overwhelmed by certain traffic, causing it to stop processing BFD packets. This disruption results in the failure of routing protocol failover mechanisms, potentially impacting network stability. The vulnerability is tracked under CWE-410 (Insufficient Resource Pool). There is no vendor advisory or patch available at this time, and the affected software versions are still under support.
Potential Impact
The impact is a denial of service condition on the routing protocol failover functionality due to the Traffic Management Microkernel ceasing to process BFD packets. This could lead to routing instability or failover failure in networks relying on BFD with static or dynamic routing protocols on affected BIG-IP versions. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling BFD if feasible or implementing network-level controls to limit exposure to undisclosed traffic that may trigger this condition. Monitor vendor communications for updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- f5
- Date Reserved
- 2026-04-30T23:02:33.933Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a049703cbff5d8610dff368
Added to database: 5/13/2026, 3:21:39 PM
Last enriched: 5/13/2026, 4:07:59 PM
Last updated: 5/14/2026, 6:45:35 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.