GHSA-3vvh-xmcx-wpghHighCVSS 7.5

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an...

Published
July 15, 2026
Last Modified
July 15, 2026

🔗 CVE IDs covered (1)

📋 Description

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  

Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🔗 References (3)