Cyber Resilience

CVE-2026-41218

HighUpdated

Published: 13 May 2026

Published
13 May 2026
Modified
24 June 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0026 17.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-41218 is a high-severity Use After Free (CWE-416) vulnerability in F5 Big-Ip Access Policy Manager. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 17.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached…

more

End of Technical Support (EoTS) are not evaluated.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Use-after-free in traffic processing iRules directly enables application exploitation resulting in TMM crash and endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21087Same product: F5 Big-Ip Access Policy Manager
CVE-2025-21091Same product: F5 Big-Ip Access Policy Manager
CVE-2025-20058Same product: F5 Big-Ip Access Policy Manager
CVE-2025-20045Same product: F5 Big-Ip Access Policy Manager
CVE-2026-42409Same product: F5 Big-Ip Access Policy Manager
CVE-2026-41956Same product: F5 Big-Ip Access Policy Manager
CVE-2026-41217Same product: F5 Big-Ip Access Policy Manager
CVE-2026-41953Same product: F5 Big-Ip Access Policy Manager
CVE-2026-41225Same product: F5 Big-Ip Access Policy Manager
CVE-2025-22846Same product: F5 Big-Ip Access Policy Manager

Affected Assets

f5
big-ip access policy manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip advanced firewall manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip advanced web application firewall
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip analytics
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip application acceleration manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip application security manager
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip application visibility and reporting
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip automation toolchain
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip carrier-grade nat
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
f5
big-ip container ingress services
21.0.0 · 17.1.0 — 17.1.3 · 17.5.0 — 17.5.1 · 16.1.0 — 16.1.6
+11 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-416

Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.

References