Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-22548

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2026-02-04T15:16:14.913

Last Modified

2026-02-13T21:44:47.250

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	big-ip_advanced_web_application_firewall	< 17.1.3	Yes
Application	f5	big-ip_application_security_manager	< 17.1.3	Yes

References

https://my.f5.com/manage/s/article/K000158072 Vendor Advisory ([email protected])