Last Modified: Feb 03, 2026
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4
Opened: Jan 14, 2026 Severity: 3-Major
BIG-IP negotiates a number of concurrent streams over HTTP/2 connection per RFC requirement. It immediately enforces this limitation once the protocol is agreed and first SETTINGS frame is issued.
The client may send more requests than the limit set by BIG-IP over the established HTTP/2 connection and it causes the BIG-IP system to reset the extra streams. If Reset Stream Protection is enabled, it may result in the connection being shutdown by the BIG-IP system.
BIG-IP has a virtual with http2 profile. A client connects to the virtual and negotiates or starts HTTP/2 connection.
None.
None