Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1439 vulnerabilities found for Junos OS by Juniper Networks

    CVE-2026-57054 (GCVE-0-2026-57054)

    Vulnerability from nvd – Published: 2026-07-09 21:14 – Updated: 2026-07-09 21:14
    VLAI
    Title
    Junos OS: MX Series: Web filtering doesn't block specifically formatted URLs
    Summary
    A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2-S1, * 25.4 versions before 25.4R1-S2, 25.4R2.
    CWE
    • CWE-706 - Use of Incorrectly-Resolved Name or Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S5 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R2-S1 (custom)
    Affected: 25.4 , < 25.4R1-S2, 25.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2-S1",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S2, 25.4R2",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue an MX Series device needs to be configured to filter specific URLs as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services service-set \u0026lt;set-name\u0026gt; web-filter-profile \u0026lt;profile-name\u0026gt; ]\u003cbr\u003e[\u0026nbsp;services web-filter profile \u0026lt;profile-name\u0026gt; url-filter-template \u0026lt;template-name\u0026gt; url-filter-database \u0026lt;file-with-URLs-to-filter\u0026gt; ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue an MX Series device needs to be configured to filter specific URLs as follows:\n\n[ services service-set \u003cset-name\u003e web-filter-profile \u003cprofile-name\u003e ]\n[\u00a0services web-filter profile \u003cprofile-name\u003e url-filter-template \u003ctemplate-name\u003e url-filter-database \u003cfile-with-URLs-to-filter\u003e ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.\u003c/span\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects\u0026nbsp;Junos OS on MX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S5,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2-S1,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S2, 25.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.\n\n\n\nIf an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.\n\nThis issue affects\u00a0Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S5,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2-S1,\n  *  25.4 versions before 25.4R1-S2, 25.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-706",
                  "description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:14:33.905Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110093"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2-S1, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2-S1, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110093",
            "defect": [
              "1926259"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series: Web filtering doesn\u0027t block specifically formatted URLs",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57054",
        "datePublished": "2026-07-09T21:14:33.905Z",
        "dateReserved": "2026-06-23T16:55:07.912Z",
        "dateUpdated": "2026-07-09T21:14:33.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57032 (GCVE-0-2026-57032)

    Vulnerability from nvd – Published: 2026-07-09 21:14 – Updated: 2026-07-09 21:14
    VLAI
    Title
    Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash
    Summary
    An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.  The following log message can be seen when this issue happens: agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor> This issue affects Junos OS on EX2300, EX3400, EX4000, EX4100 and EX4400 devices: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2.
    CWE
    • CWE-236 - Improper Handling of Undefined Parameters
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S5 (custom)
    Affected: 24.4 , < 24.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "EX3400",
                "EX4100",
                "EX4400",
                "EX2300",
                "EX4000"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue gRPC needs to be enabled via at least one of:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services http servers ]\u003cbr\u003e[ system services extension-service request-response grpc ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue gRPC needs to be enabled via at least one of:\n\n[ system services http servers ]\n[ system services extension-service request-response grpc ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\u003cp\u003e\n\nIf an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300,\u0026nbsp;EX3400,\u0026nbsp;EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe following log message can be seen when this issue happens:\u003c/p\u003e\u003ctt\u003eagentd[\u0026lt;PID\u0026gt;]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for \u0026lt;sensor\u0026gt;\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEX2300, EX3400, EX4000, EX4100 and EX4400\u003c/span\u003e\n\ndevices:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before  24.2R2-S5,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\n\nIf an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300,\u00a0EX3400,\u00a0EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.\u00a0\n\nThe following log message can be seen when this issue happens:\n\nagentd[\u003cPID\u003e]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for \u003csensor\u003e\n\n\nThis issue affects Junos OS on \n\nEX2300, EX3400, EX4000, EX4100 and EX4400\n\ndevices:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before  24.2R2-S5,\n  *  24.4 versions before 24.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-236",
                  "description": "CWE-236 Improper Handling of Undefined Parameters",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:14:11.048Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110092"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2, 25.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110092",
            "defect": [
              "1912078"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003eTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57032",
        "datePublished": "2026-07-09T21:14:11.048Z",
        "dateReserved": "2026-06-23T16:27:00.249Z",
        "dateUpdated": "2026-07-09T21:14:11.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57031 (GCVE-0-2026-57031)

    Vulnerability from nvd – Published: 2026-07-09 21:13 – Updated: 2026-07-09 21:13
    VLAI
    Title
    Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.  This issue affects Junos OS on MX with MPC10/11, LC4800/9600/4802, and MX304: * 23.2 versions from 23.2R2-S1 before 23.2R2-S7, * 23.4 versions from 23.4R2 before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.2R2-S1 , < 23.2R2-S7 (custom)
    Affected: 23.4R2 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2-S3 (custom)
    Affected: 24.4 , < 24.4R2-S2 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "MPC10",
                "MPC11",
                "LC4800",
                "LC9600",
                "MX304-LMIC16"
              ],
              "platforms": [
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "23.2R2-S1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4R2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue a configuration for static subscribers with an input filter is required:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e[ system services\u0026nbsp;static-subscribers ]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[ dynamic-profiles \u0026lt;profile-name\u0026gt; interfaces \u0026lt;interface\u0026gt; unit \u0026lt;unit\u0026gt; family (inet|inet6) filter input \u0026lt;filter-name\u0026gt; ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue a configuration for static subscribers with an input filter is required:\n\n\n\n[ system services\u00a0static-subscribers ]\n\n[ dynamic-profiles \u003cprofile-name\u003e interfaces \u003cinterface\u003e unit \u003cunit\u003e family (inet|inet6) filter input \u003cfilter-name\u003e ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eOn MX Series devices with\u0026nbsp;MPC10/11, LC4800/9600, and MX304 with\u0026nbsp;subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on MX with\u0026nbsp;MPC10/11, LC4800/9600/4802, and MX304:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.2 versions from 23.2R2-S1 before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions from 23.4R2 before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters.\n\nOn MX Series devices with\u00a0MPC10/11, LC4800/9600, and MX304 with\u00a0subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.\u00a0\n\n\nThis issue affects Junos OS on MX with\u00a0MPC10/11, LC4800/9600/4802, and MX304:\n\n\n  *  23.2 versions from 23.2R2-S1 before 23.2R2-S7,\n  *  23.4 versions from 23.4R2 before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:13:46.497Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110091"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110091",
            "defect": [
              "1902909"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57031",
        "datePublished": "2026-07-09T21:13:46.497Z",
        "dateReserved": "2026-06-23T16:27:00.249Z",
        "dateUpdated": "2026-07-09T21:13:46.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57030 (GCVE-0-2026-57030)

    Vulnerability from nvd – Published: 2026-07-09 21:13 – Updated: 2026-07-09 21:13
    VLAI
    Title
    Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS
    Summary
    A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). As part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds: user@host> show security flow session | match timeout Session ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid This will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary': user@host> show security flow session summary | match invalid Invalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot. This issue affects Junos OS on SRX Series: * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S1, 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect releases earlier than 24.2R1;
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 24.2 , < 24.2R2-S3 (custom)
    Affected: 24.4 , < 24.4R2-S1 (custom)
    Affected: 25.2 , < 25.2R1-S2 (custom)
    Unaffected: 0 , < 24.2R1 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S1",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R1-S2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R1",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eAs part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003euser@host\u0026gt; show security flow session | match timeout\u003cbr\u003eSession ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eThis will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of \u0027show security flow session summary\u0027:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show security flow session summary | match invalid\u003cbr\u003eInvalidated sessions: 216931\u003c/tt\u003e\u003cp\u003eThese sessions can\u0027t be cleared manually with the \u0027clear security flow session\u0027 command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S1, 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2\u0026nbsp;versions\u0026nbsp;before 25.2R1-S2, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect releases earlier than 24.2R1;\u003c/p\u003e"
                }
              ],
              "value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nAs part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds:\n\n\n\nuser@host\u003e show security flow session | match timeout\nSession ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid\n\nThis will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of \u0027show security flow session summary\u0027:\n\nuser@host\u003e show security flow session summary | match invalid\nInvalidated sessions: 216931These sessions can\u0027t be cleared manually with the \u0027clear security flow session\u0027 command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot.\n\n\nThis issue affects Junos OS on SRX Series:\n\n\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S1, 24.4R2-S2,\n  *  25.2\u00a0versions\u00a0before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect releases earlier than 24.2R1;"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:13:12.671Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110090"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110090",
            "defect": [
              "1876709"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57030",
        "datePublished": "2026-07-09T21:13:12.671Z",
        "dateReserved": "2026-06-23T16:27:00.249Z",
        "dateUpdated": "2026-07-09T21:13:12.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57027 (GCVE-0-2026-57027)

    Vulnerability from nvd – Published: 2026-07-09 21:08 – Updated: 2026-07-09 21:08
    VLAI
    Title
    Junos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic leads to an FPC crash
    Summary
    A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart. The leak can be monitored by watching the continuous increase of the buffer values in the output of: user@host> show chassis fpc This issue affects Junos OS on EX4100 Series and EX4400: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "EX4100 Series",
                "EX4400 Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A system is only affected if sFlow for multicast is explicitly enabled with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ forwarding-options sflow egress-multicast enable ]\u003c/tt\u003e"
                }
              ],
              "value": "A system is only affected if sFlow for multicast is explicitly enabled with:\n\n[ forwarding-options sflow egress-multicast enable ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\u003cp\u003eWhen sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.\u003c/p\u003eThe leak can be monitored by watching the continuous increase of the buffer values in the output of:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show chassis fpc\u003c/tt\u003e \u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEX4100 Series and EX4400\u003c/span\u003e:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.\n\nThe leak can be monitored by watching the continuous increase of the buffer values in the output of:\n\nuser@host\u003e show chassis fpc \nThis issue affects Junos OS on\u00a0EX4100 Series and EX4400:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:08:07.684Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110087"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S4, 24.4R2, 25.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S4, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110087",
            "defect": [
              "1824592"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic leads to an FPC crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57027",
        "datePublished": "2026-07-09T21:08:07.684Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:08:07.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57026 (GCVE-0-2026-57026)

    Vulnerability from nvd – Published: 2026-07-09 21:07 – Updated: 2026-07-09 21:07
    VLAI
    Title
    Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash
    Summary
    An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX Series with SPC3 and SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S2.
    CWE
    • CWE-1286 - Improper Validation of Syntactic Correctness of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S5 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Affected: 25.4 , < 25.4R1-S2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series",
                "MX Series with SPC3"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S2",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show security alg status | match sip\u003cbr\u003eSIP : Enabled\u003c/tt\u003e"
                }
              ],
              "value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify with:\n\nuser@host\u003e show security alg status | match sip\nSIP : Enabled"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003eIf the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on MX Series with SPC3 and SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S5,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 and SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S5,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1286",
                  "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:07:44.855Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110086"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110086",
            "defect": [
              "1932051"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security alg sip disable ]\u003c/tt\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\n\n\n\nTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\n\n[ security alg sip disable ]"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57026",
        "datePublished": "2026-07-09T21:07:44.855Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:07:44.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57025 (GCVE-0-2026-57025)

    Vulnerability from nvd – Published: 2026-07-09 21:07 – Updated: 2026-07-09 21:07
    VLAI
    Title
    Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash
    Summary
    A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS). On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted. This issue affects EX Series, QFX Series, MX Series: Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2. Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-EVO, * 24.4 versions before 24.4R1-S3-EVO.
    CWE
    • CWE-466 - Return of Pointer Value Outside of Expected Range
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2 (custom)
    Affected: 24.4 , < 24.4R1-S2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-S7-EVO (custom)
    Affected: 23.4 , < 23.4R2-S8-EVO (custom)
    Affected: 24.2 , < 24.2R2-EVO (custom)
    Affected: 24.4 , < 24.4R1-S3-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "EX Series",
                "QFX Series",
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R1-S2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R1-S3-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eOn EX Series, QFX Series and MX Series a\u0026nbsp;low-privileged attacker issuing a specific \u0027show l2-learning\u0027 command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects EX Series, QFX Series, MX Series:\u003cbr\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\n\nOn EX Series, QFX Series and MX Series a\u00a0low-privileged attacker issuing a specific \u0027show l2-learning\u0027 command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\n\nThis issue affects EX Series, QFX Series, MX Series:\nJunos OS:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R1-S2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-EVO,\n  *  24.4 versions before 24.4R1-S3-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-466",
                  "description": "CWE-466 Return of Pointer Value Outside of Expected Range",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:07:20.486Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110085"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases;\u003cbr\u003eJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases;\nJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110085",
            "defect": [
              "1861779"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific \u0027show l2-learning\u0027 command causes l2ald crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57025",
        "datePublished": "2026-07-09T21:07:20.486Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:07:20.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57024 (GCVE-0-2026-57024)

    Vulnerability from nvd – Published: 2026-07-09 21:06 – Updated: 2026-07-09 21:06
    VLAI
    Title
    Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously
    Summary
    A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted. Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs. To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with: user@host> show system processes extensive | match "KMD|IKED" This issue affects Junos OS on MX with SPC3, SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R1-S1.
    CWE
    • CWE-694 - Use of Multiple Resources with Duplicate Identifier
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S6 (custom)
    Affected: 24.2 , < 24.2R2-S3 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R1-S1 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series",
                "MX with SPC3"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S6",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R1-S1",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\n\n\u003cbr\u003eOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail\u0026nbsp;a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\u003cbr\u003ePlease note that the index value can\u0027t be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\u003cbr\u003e\u003cbr\u003eTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show system processes extensive | match \"KMD|IKED\"\u003c/tt\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on MX with SPC3, SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S1.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail\u00a0a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\nPlease note that the index value can\u0027t be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\n\nTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\nuser@host\u003e show system processes extensive | match \"KMD|IKED\"\nThis issue affects Junos OS on MX with SPC3, SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R1-S1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-694",
                  "description": "CWE-694 Use of Multiple Resources with Duplicate Identifier",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:06:57.585Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110084"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110084",
            "defect": [
              "1889298"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57024",
        "datePublished": "2026-07-09T21:06:57.585Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:06:57.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57023 (GCVE-0-2026-57023)

    Vulnerability from nvd – Published: 2026-07-09 21:06 – Updated: 2026-07-09 21:06
    VLAI
    Title
    Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash
    Summary
    An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX with SPC3, and SRX Series:  * 23.4 versions before 23.4R2-S7,  * 24.2 versions before 24.2R2-S4,  * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2. This issue does not affect releases before 23.4R1.
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.4 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S3 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series",
                "MX Series with SPC3"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S3",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen TCP proxy is engaged in a flow session, to support ALGs,\u0026nbsp;Advanced Anti-Malware, ICAP\u0026nbsp;or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\u003cbr\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on MX with SPC3, and SRX Series:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S3,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect releases before 23.4R1.\u003c/p\u003e"
                }
              ],
              "value": "An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\n\nWhen TCP proxy is engaged in a flow session, to support ALGs,\u00a0Advanced Anti-Malware, ICAP\u00a0or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX with SPC3, and SRX Series:\u00a0\n\n\n\n  *  23.4 versions before 23.4R2-S7,\u00a0\n  *  24.2 versions before 24.2R2-S4,\u00a0\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2.\n\n\n\n\nThis issue does not affect releases before 23.4R1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:06:34.219Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110083"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110083",
            "defect": [
              "1918795"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57023",
        "datePublished": "2026-07-09T21:06:34.219Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:06:34.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57022 (GCVE-0-2026-57022)

    Vulnerability from nvd – Published: 2026-07-09 21:06 – Updated: 2026-07-09 21:06
    VLAI
    Title
    Junos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection establishment by the affected device can crash the PFE
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered. This issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering. This issue affects Junos OS on MX Series with SPC3, SRX5k Series with SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series: * all versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S4 (custom)
    Affected: 23.4 , < 23.4R2-S5 (custom)
    Affected: 24.2 , < 24.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MX Series with SPC3",
                "SRX5k Series with\u00a0SPC3",
                "SRX1600 Series",
                "SRX2300 Series",
                "SRX4000 Series",
                "vSRX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S5",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered.\u003cbr\u003eThis issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on MX Series with SPC3, SRX5k Series with\u0026nbsp;SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series:\u003cbr\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S4,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S5,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered.\nThis issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering.\n\nThis issue affects Junos OS on MX Series with SPC3, SRX5k Series with\u00a0SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series:\n\n  *  all versions before 23.2R2-S4,\n  *  23.4 versions before 23.4R2-S5,\n  *  24.2 versions before 24.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:06:06.154Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110082"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S4, 23.4R2-S5, 24.2R2, 24.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S4, 23.4R2-S5, 24.2R2, 24.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110082",
            "defect": [
              "1833415"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection establishment by the affected device can crash the PFE",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57022",
        "datePublished": "2026-07-09T21:06:06.154Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:06:06.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57021 (GCVE-0-2026-57021)

    Vulnerability from nvd – Published: 2026-07-09 21:05 – Updated: 2026-07-09 21:05
    VLAI
    Title
    Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash
    Summary
    An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts. This issue affects Junos OS on SRX Series: * 23.2 versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S1, 25.4R2.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.2 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Affected: 25.4 , < 25.4R1-S1, 25.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S1, 25.4R2",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue, the device needs to be configured to perform client compliance checks with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security remote-access compliance pre-logon ... ]\u003c/tt\u003e\u003cbr\u003e"
                }
              ],
              "value": "To be exposed to this issue, the device needs to be configured to perform client compliance checks with:\n\n[ security remote-access compliance pre-logon ... ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects\u0026nbsp;Junos OS on SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.2 versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S1, 25.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.\n\nThis issue affects\u00a0Junos OS on SRX Series:\n\n\n  *  23.2 versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S1, 25.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:05:45.214Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110081"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1-S1, 25.4R2, 26.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1-S1, 25.4R2, 26.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110081",
            "defect": [
              "1922812"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57021",
        "datePublished": "2026-07-09T21:05:45.214Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:05:45.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57020 (GCVE-0-2026-57020)

    Vulnerability from nvd – Published: 2026-07-09 21:05 – Updated: 2026-07-09 21:05
    VLAI
    Title
    Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic. This issue affects Junos OS on QFX10000 Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4. This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "QFX10000 Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\n\nOn all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI)\u0026nbsp;leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on QFX10000 Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nOn all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI)\u00a0leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.\n\n\n\nThis issue affects Junos OS on QFX10000 Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4.\n\n\n\nThis issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:05:07.368Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110080"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4."
            }
          ],
          "source": {
            "advisory": "JSA110080",
            "defect": [
              "1916949"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57020",
        "datePublished": "2026-07-09T21:05:07.368Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:05:07.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57019 (GCVE-0-2026-57019)

    Vulnerability from nvd – Published: 2026-07-09 21:04 – Updated: 2026-07-09 21:04
    VLAI
    Title
    Junos OS: MX Series: Specific traffic causes an FPC to reset
    Summary
    An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered. Affected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE). When this issue happens the following logs can be observed: fpc<#> CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default fpc<#> Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default This issue affects Junos OS on MX Series: * all versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2.
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S6 (custom)
    Affected: 23.4 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cp\u003e\n\nWhen a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.\u003c/p\u003e\u003cp\u003eAffected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE).\u003c/p\u003e\u003cp\u003eWhen this issue happens the following logs can be observed:\u003c/p\u003e\u003ctt\u003efpc\u0026lt;#\u0026gt; CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003efpc\u0026lt;#\u0026gt; Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default\u003c/tt\u003e\u003cp\u003e\n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on MX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S6,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\n\nWhen a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.\n\nAffected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE).\n\nWhen this issue happens the following logs can be observed:\n\nfpc\u003c#\u003e CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default\nfpc\u003c#\u003e Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default\n\n\n\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:04:41.927Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110079"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S6, 23.4R2-S7, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S6, 23.4R2-S7, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110079",
            "defect": [
              "1912053"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series: Specific traffic causes an FPC to reset",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57019",
        "datePublished": "2026-07-09T21:04:41.927Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:04:41.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33802 (GCVE-0-2026-33802)

    Vulnerability from nvd – Published: 2026-07-09 21:03 – Updated: 2026-07-09 21:03
    VLAI
    Title
    Junos OS: EX Series: Unauthorized users can execute service-impacting CLI command
    Summary
    A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service (DoS). On EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400 switches, an authenticated, local attacker with no specific permissions or class can execute a specific, privileged CLI 'request' command which will cause complete traffic impact until the system automatically recovers. This issue affects Junos OS on EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400: * 23.2R2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S1.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.2R2 , < 23.2R2-S6 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S3 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Affected: 25.4 , < 25.4R1-S1 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "EX4100",
                "EX4300-MP (Multigigabit)",
                "EX2300",
                "EX4400",
                "EX4000"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S6",
                  "status": "affected",
                  "version": "23.2R2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S3",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S1",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\nOn EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400 switches, an authenticated, local attacker with no specific permissions or class can execute a specific, privileged CLI \u0027request\u0027 command which will cause complete traffic impact until the system automatically recovers.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.2R2 versions before 23.2R2-S6,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S3,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S1.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400 switches, an authenticated, local attacker with no specific permissions or class can execute a specific, privileged CLI \u0027request\u0027 command which will cause complete traffic impact until the system automatically recovers.\n\nThis issue affects Junos OS on EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400:\n\n\n  *  23.2R2 versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:03:48.353Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110077"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S6, 23.4R2-S8, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1-S1, 25.4R2, 26.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S6, 23.4R2-S8, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1-S1, 25.4R2, 26.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110077",
            "defect": [
              "1921391"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: EX Series: Unauthorized users can execute service-impacting CLI command",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003eTo reduce the risk of exploitation use command authorization to limit access to \u0027request\u0027 commands.\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\nTo reduce the risk of exploitation use command authorization to limit access to \u0027request\u0027 commands."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33802",
        "datePublished": "2026-07-09T21:03:48.353Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-09T21:03:48.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33801 (GCVE-0-2026-33801)

    Vulnerability from nvd – Published: 2026-07-09 21:03 – Updated: 2026-07-09 21:03
    VLAI
    Title
    Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS). Upon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation. This issue affects: * Junos OS versions 25.2 before 25.2R2; * Junos OS Evolved versions 25.2 before 25.2R2-EVO. This issue doesn't affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 25.2 , < 25.2R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "25.2R2-EVO",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cp\u003eUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJunos OS versions 25.2 before 25.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003eJunos OS Evolved versions 25.2 before 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue doesn\u0027t affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.\u003c/p\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\n\nUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\n\n\nThis issue affects:\n\n\n\n  *  Junos OS versions 25.2 before 25.2R2;\n\n\n  *  Junos OS Evolved versions 25.2 before 25.2R2-EVO.\n\n\n\n\nThis issue doesn\u0027t affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:03:24.796Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110076"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 25.2R2, 25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved: 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110076",
            "defect": [
              "1907528"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33801",
        "datePublished": "2026-07-09T21:03:24.796Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-09T21:03:24.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33800 (GCVE-0-2026-33800)

    Vulnerability from nvd – Published: 2026-07-09 21:03 – Updated: 2026-07-09 21:03
    VLAI
    Title
    Junos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause an FPC crash
    Summary
    An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for processing. Especially in a Virtual-Chassis (VC) scenario with locality‑bias configured, processing takes a significant amount of time for each event. If these sessions keep flapping, new events are constantly added, and in turn PFEMAN never completes processing these events. This results in the PFEMAN watchdog timer expiring, which causes the FPC to crash and restart, representing a complete service outage. This issue only affects MX series FPCs up to and including MPC9. It does not affect MPC10/11, LC4800/9600 and MX304. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2.
    CWE
    • CWE-606 - Unchecked Input for Loop Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S3 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S3",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue an MX VC needs to be configured with locality bias as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ virtual-chassis locality-bias ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue an MX VC needs to be configured with locality bias as follows:\n\n[ virtual-chassis locality-bias ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMicro-BFD session flaps generate respective up/down events which are queued by PFEMAN for processing. Especially in a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVirtual-Chassis (VC) scenario with\u0026nbsp;locality\u2011bias configured,\u0026nbsp;\u003c/span\u003eprocessing takes a significant amount of time for each event.\u0026nbsp;If these sessions keep flapping, new events are constantly added, and in turn PFEMAN never completes processing these events. This results in the PFEMAN watchdog timer expiring, which causes the FPC to crash and restart, representing a complete service outage.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue only affects MX series FPCs up to and including MPC9. It does not affect MPC10/11, LC4800/9600 and MX304.\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on MX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S3,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for processing. Especially in a Virtual-Chassis (VC) scenario with\u00a0locality\u2011bias configured,\u00a0processing takes a significant amount of time for each event.\u00a0If these sessions keep flapping, new events are constantly added, and in turn PFEMAN never completes processing these events. This results in the PFEMAN watchdog timer expiring, which causes the FPC to crash and restart, representing a complete service outage.\n\n\nThis issue only affects MX series FPCs up to and including MPC9. It does not affect MPC10/11, LC4800/9600 and MX304.\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606 Unchecked Input for Loop Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:03:00.614Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110075"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110075",
            "defect": [
              "1902535"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause an FPC crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To reduce the risk of exploitation, configure BFD with an increased holddown-timer, so that the queued events can be processed before a new up event occurs:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ ... bfd-liveness-detection\u0026nbsp;holddown-interval milliseconds \u0026lt;value\u0026gt; ]\u003c/tt\u003e\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "To reduce the risk of exploitation, configure BFD with an increased holddown-timer, so that the queued events can be processed before a new up event occurs:\n\n[ ... bfd-liveness-detection\u00a0holddown-interval milliseconds \u003cvalue\u003e ]"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33800",
        "datePublished": "2026-07-09T21:03:00.614Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-09T21:03:00.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33799 (GCVE-0-2026-33799)

    Vulnerability from nvd – Published: 2026-07-09 21:02 – Updated: 2026-07-09 21:02
    VLAI
    Title
    Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash
    Summary
    An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP. Memory usage can be monitored using the following command: user@device> show system processes extensive | match snmpd This issue affects: Junos OS: * all versions before 21.2R3-S8; * from 21.4 before 21.4R3-S7; * from 22.1 before 22.1R3-S6; * from 22.2 before 22.2R3-S4; * from 22.3 before 22.3R3-S3; * from 22.4 before 22.4R3-S2; * from 23.2 before 23.2R2; * from 23.4 before 23.4R2. Junos OS Evolved: * all versions before 21.2R3-S8-EVO; * from 21.4 before 21.4R3-S7-EVO; * all versions of 22.1-EVO, * from 22.2 before 22.2R3-S4-EVO; * from 22.3 before 22.3R3-S3-EVO; * all versions of 22.4-EVO, * from 23.2 before 23.2R2-EVO; * from 23.4 before 23.4R2-EVO.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 21.2R3-S8 (custom)
    Affected: 21.4 , < 21.4R3-S7 (custom)
    Affected: 22.1 , < 22.1R3-S6 (custom)
    Affected: 22.2 , < 22.2R3-S4 (custom)
    Affected: 22.3 , < 22.3R3-S3 (custom)
    Affected: 22.4 , < 22.4R3-S2 (custom)
    Affected: 23.2 , < 23.2R2 (custom)
    Affected: 23.4 , < 23.4R2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 21.2R3-S8-EVO (custom)
    Affected: 21.4 , < 21.4R3-S7-EVO (custom)
    Affected: 22.1 , < 22.1* (custom)
    Affected: 22.2 , < 22.2R3-S4-EVO (custom)
    Affected: 22.3 , < 22.3R3-S3-EVO (custom)
    Affected: 22.4 , < 22.4* (custom)
    Affected: 23.2 , < 23.2R2-EVO (custom)
    Affected: 23.4 , < 23.4R2-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "21.2R3-S8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.4R3-S7",
                  "status": "affected",
                  "version": "21.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.1R3-S6",
                  "status": "affected",
                  "version": "22.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.2R3-S4",
                  "status": "affected",
                  "version": "22.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R3-S3",
                  "status": "affected",
                  "version": "22.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.4R3-S2",
                  "status": "affected",
                  "version": "22.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.2R2",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "21.2R3-S8-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.4R3-S7-EVO",
                  "status": "affected",
                  "version": "21.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.1*",
                  "status": "affected",
                  "version": "22.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.2R3-S4-EVO",
                  "status": "affected",
                  "version": "22.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R3-S3-EVO",
                  "status": "affected",
                  "version": "22.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.4*",
                  "status": "affected",
                  "version": "22.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.2R2-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue requires that SNMPv3 be configured. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[snmp engine-id use-default-ip-address]\u003cbr\u003e[snmp v3 usm local-engine user \u0026lt;username\u0026gt; authentication-\u0026lt;method\u0026gt; ...]\u003cbr\u003e[snmp v3 vacm security-to-group security-model usm security-name \u0026lt;name\u0026gt; group \u0026lt;group\u0026gt;]\u003cbr\u003e[snmp v3 vacm access group \u0026lt;group\u0026gt; default-context-prefix security-model usm security-level \u0026lt;level\u0026gt; ...]\u003c/tt\u003e"
                }
              ],
              "value": "This issue requires that SNMPv3 be configured. For example:\n\n[snmp engine-id use-default-ip-address]\n[snmp v3 usm local-engine user \u003cusername\u003e authentication-\u003cmethod\u003e ...]\n[snmp v3 vacm security-to-group security-model usm security-name \u003cname\u003e group \u003cgroup\u003e]\n[snmp v3 vacm access group \u003cgroup\u003e default-context-prefix security-model usm security-level \u003clevel\u003e ...]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.\u003cbr\u003e\u003cbr\u003eMemory usage can be monitored using the following command:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@device\u0026gt; show system processes extensive | match snmpd\u003c/tt\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S8;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7;\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S8-EVO;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7-EVO;\u003c/li\u003e\u003cli\u003eall versions of 22.1-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3-EVO;\u003c/li\u003e\u003cli\u003eall versions of 22.4-EVO,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-EVO;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.\n\nMemory usage can be monitored using the following command:\n\nuser@device\u003e show system processes extensive | match snmpd\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  all versions before 21.2R3-S8;\n  *  from 21.4 before 21.4R3-S7;\n  *  from 22.1 before 22.1R3-S6;\n  *  from 22.2 before 22.2R3-S4;\n  *  from 22.3 before 22.3R3-S3;\n  *  from 22.4 before 22.4R3-S2;\n  *  from 23.2 before 23.2R2;\n  *  from 23.4 before 23.4R2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 21.2R3-S8-EVO;\n  *  from 21.4 before 21.4R3-S7-EVO;\n  *  all versions of 22.1-EVO,\n  *  from 22.2 before 22.2R3-S4-EVO;\n  *  from 22.3 before 22.3R3-S3-EVO;\n  *  all versions of 22.4-EVO,\n  *  from 23.2 before 23.2R2-EVO;\n  *  from 23.4 before 23.4R2-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:02:31.614Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110074"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\n\u003cbr\u003e\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110074",
            "defect": [
              "1769065"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of malicious exploitation, use access lists or firewall filters to limit access to the device via SNMPv3 only from trusted hosts."
                }
              ],
              "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of malicious exploitation, use access lists or firewall filters to limit access to the device via SNMPv3 only from trusted hosts."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-33799",
        "datePublished": "2026-07-09T21:02:31.614Z",
        "dateReserved": "2026-03-23T19:46:13.673Z",
        "dateUpdated": "2026-07-09T21:02:31.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21901 (GCVE-0-2026-21901)

    Vulnerability from nvd – Published: 2026-07-09 21:01 – Updated: 2026-07-09 21:01
    VLAI
    Title
    Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash
    Summary
    A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service (DoS). A local high-privileged user configuring or deactivating a specific 'system services ssh' configuration parameter can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart. Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * from 22.3 before 22.3R3-S5; * from 22.4 before 22.4R3-S10; * from 23.2 before 23.2R2-S7; * from 23.4 before 23.4R2-S8. This issue does not affect Junos OS before 22.3R1. Junos OS Evolved: * from 22.3R1-EVO before 23.2R2-S7-EVO; * from 23.4 before 23.4R2-S8-EVO. This issue does not affect Junos OS Evolved before 22.3R1-EVO.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 22.3 , < 22.3R3-S5 (custom)
    Affected: 22.4 , < 22.4R3-S10 (custom)
    Affected: 23.2 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Unaffected: 0 , < 22.3R1 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 23.2 , < 23.2R2-S7-EVO (custom)
    Affected: 23.4 , < 23.4R2-S8-EVO (custom)
    Unaffected: 0 , < 22.3R1-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Juniper SIRT would like to acknowledge and thank Orange CERT-CC from the Orange group for responsibly reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "22.3R3-S5",
                  "status": "affected",
                  "version": "22.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.4R3-S10",
                  "status": "affected",
                  "version": "22.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R1",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7-EVO",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.3R1-EVO",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juniper SIRT would like to acknowledge and thank Orange CERT-CC from the Orange group for responsibly reporting this vulnerability."
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a\u0026nbsp;specific SSH configuration parameter to create a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eA local high-privileged user configuring or deactivating a specific \u0027system services ssh\u0027 configuration parameter\u0026nbsp;can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart.\u0026nbsp;Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 22.3 before 22.3R3-S5;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S10;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S7;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S8.\u003c/li\u003e\u003c/ul\u003e\n\nThis issue does not affect Junos OS before 22.3R1.\n\n\u003cbr\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 22.3R1-EVO before 23.2R2-S7-EVO;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S8-EVO.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS Evolved before 22.3R1-EVO.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a\u00a0specific SSH configuration parameter to create a Denial of Service (DoS).\n\nA local high-privileged user configuring or deactivating a specific \u0027system services ssh\u0027 configuration parameter\u00a0can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart.\u00a0Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJunos OS:\n\n\n  *  from 22.3 before 22.3R3-S5;\n  *  from 22.4 before 22.4R3-S10;\n  *  from 23.2 before 23.2R2-S7;\n  *  from 23.4 before 23.4R2-S8.\n\n\n\n\nThis issue does not affect Junos OS before 22.3R1.\n\n\n\nJunos OS Evolved:\n  *  from 22.3R1-EVO before 23.2R2-S7-EVO;\n  *  from 23.4 before 23.4R2-S8-EVO.\n\n\nThis issue does not affect Junos OS Evolved before 22.3R1-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:01:31.334Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-g4f7-w2rc-hpj6"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110072"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 22.3R3-S5, 22.4R3-S10, 23.2R2-S7, 23.4R2-S8, 24.2R1, and all subsequent releases.\n\u003cbr\u003e\nJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.3R3-S5, 22.4R3-S10, 23.2R2-S7, 23.4R2-S8, 24.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110072",
            "defect": [
              "1779319"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are no direct workarounds for this issue.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOne of the following mitigations will prevent malicious exploitation:\u003c/span\u003e\u003cbr\u003e\u003cul\u003e\u003c/ul\u003e\u003cul\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003c/li\u003e\u003cli\u003eUtilize command authorization to limit the ability to enter config mode to trusted administrators.\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
                }
              ],
              "value": "There are no direct workarounds for this issue.\n\n\n\nOne of the following mitigations will prevent malicious exploitation:\n\n\n\n\n  *  Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n  *  Utilize command authorization to limit the ability to enter config mode to trusted administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-21901",
        "datePublished": "2026-07-09T21:01:31.334Z",
        "dateReserved": "2026-01-05T17:32:48.709Z",
        "dateUpdated": "2026-07-09T21:01:31.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57054 (GCVE-0-2026-57054)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:14 – Updated: 2026-07-09 21:14
    VLAI
    Title
    Junos OS: MX Series: Web filtering doesn't block specifically formatted URLs
    Summary
    A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2-S1, * 25.4 versions before 25.4R1-S2, 25.4R2.
    CWE
    • CWE-706 - Use of Incorrectly-Resolved Name or Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S5 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R2-S1 (custom)
    Affected: 25.4 , < 25.4R1-S2, 25.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2-S1",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S2, 25.4R2",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue an MX Series device needs to be configured to filter specific URLs as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services service-set \u0026lt;set-name\u0026gt; web-filter-profile \u0026lt;profile-name\u0026gt; ]\u003cbr\u003e[\u0026nbsp;services web-filter profile \u0026lt;profile-name\u0026gt; url-filter-template \u0026lt;template-name\u0026gt; url-filter-database \u0026lt;file-with-URLs-to-filter\u0026gt; ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue an MX Series device needs to be configured to filter specific URLs as follows:\n\n[ services service-set \u003cset-name\u003e web-filter-profile \u003cprofile-name\u003e ]\n[\u00a0services web-filter profile \u003cprofile-name\u003e url-filter-template \u003ctemplate-name\u003e url-filter-database \u003cfile-with-URLs-to-filter\u003e ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.\u003c/span\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects\u0026nbsp;Junos OS on MX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S5,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2-S1,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S2, 25.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.\n\n\n\nIf an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.\n\nThis issue affects\u00a0Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S5,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2-S1,\n  *  25.4 versions before 25.4R1-S2, 25.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-706",
                  "description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:14:33.905Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110093"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2-S1, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2-S1, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110093",
            "defect": [
              "1926259"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series: Web filtering doesn\u0027t block specifically formatted URLs",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57054",
        "datePublished": "2026-07-09T21:14:33.905Z",
        "dateReserved": "2026-06-23T16:55:07.912Z",
        "dateUpdated": "2026-07-09T21:14:33.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57032 (GCVE-0-2026-57032)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:14 – Updated: 2026-07-09 21:14
    VLAI
    Title
    Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash
    Summary
    An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.  The following log message can be seen when this issue happens: agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor> This issue affects Junos OS on EX2300, EX3400, EX4000, EX4100 and EX4400 devices: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2.
    CWE
    • CWE-236 - Improper Handling of Undefined Parameters
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S5 (custom)
    Affected: 24.4 , < 24.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "EX3400",
                "EX4100",
                "EX4400",
                "EX2300",
                "EX4000"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue gRPC needs to be enabled via at least one of:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services http servers ]\u003cbr\u003e[ system services extension-service request-response grpc ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue gRPC needs to be enabled via at least one of:\n\n[ system services http servers ]\n[ system services extension-service request-response grpc ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\u003cp\u003e\n\nIf an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300,\u0026nbsp;EX3400,\u0026nbsp;EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe following log message can be seen when this issue happens:\u003c/p\u003e\u003ctt\u003eagentd[\u0026lt;PID\u0026gt;]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for \u0026lt;sensor\u0026gt;\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEX2300, EX3400, EX4000, EX4100 and EX4400\u003c/span\u003e\n\ndevices:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before  24.2R2-S5,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\n\nIf an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300,\u00a0EX3400,\u00a0EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.\u00a0\n\nThe following log message can be seen when this issue happens:\n\nagentd[\u003cPID\u003e]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for \u003csensor\u003e\n\n\nThis issue affects Junos OS on \n\nEX2300, EX3400, EX4000, EX4100 and EX4400\n\ndevices:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before  24.2R2-S5,\n  *  24.4 versions before 24.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-236",
                  "description": "CWE-236 Improper Handling of Undefined Parameters",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:14:11.048Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110092"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2, 25.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110092",
            "defect": [
              "1912078"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003eTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57032",
        "datePublished": "2026-07-09T21:14:11.048Z",
        "dateReserved": "2026-06-23T16:27:00.249Z",
        "dateUpdated": "2026-07-09T21:14:11.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57031 (GCVE-0-2026-57031)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:13 – Updated: 2026-07-09 21:13
    VLAI
    Title
    Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.  This issue affects Junos OS on MX with MPC10/11, LC4800/9600/4802, and MX304: * 23.2 versions from 23.2R2-S1 before 23.2R2-S7, * 23.4 versions from 23.4R2 before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.2R2-S1 , < 23.2R2-S7 (custom)
    Affected: 23.4R2 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2-S3 (custom)
    Affected: 24.4 , < 24.4R2-S2 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "MPC10",
                "MPC11",
                "LC4800",
                "LC9600",
                "MX304-LMIC16"
              ],
              "platforms": [
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "23.2R2-S1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4R2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue a configuration for static subscribers with an input filter is required:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e[ system services\u0026nbsp;static-subscribers ]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[ dynamic-profiles \u0026lt;profile-name\u0026gt; interfaces \u0026lt;interface\u0026gt; unit \u0026lt;unit\u0026gt; family (inet|inet6) filter input \u0026lt;filter-name\u0026gt; ]\u003c/tt\u003e"
                }
              ],
              "value": "To be exposed to this issue a configuration for static subscribers with an input filter is required:\n\n\n\n[ system services\u00a0static-subscribers ]\n\n[ dynamic-profiles \u003cprofile-name\u003e interfaces \u003cinterface\u003e unit \u003cunit\u003e family (inet|inet6) filter input \u003cfilter-name\u003e ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eOn MX Series devices with\u0026nbsp;MPC10/11, LC4800/9600, and MX304 with\u0026nbsp;subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on MX with\u0026nbsp;MPC10/11, LC4800/9600/4802, and MX304:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.2 versions from 23.2R2-S1 before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions from 23.4R2 before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters.\n\nOn MX Series devices with\u00a0MPC10/11, LC4800/9600, and MX304 with\u00a0subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect.\u00a0\n\n\nThis issue affects Junos OS on MX with\u00a0MPC10/11, LC4800/9600/4802, and MX304:\n\n\n  *  23.2 versions from 23.2R2-S1 before 23.2R2-S7,\n  *  23.4 versions from 23.4R2 before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:13:46.497Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110091"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110091",
            "defect": [
              "1902909"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series: For subscribers configured on static interfaces, input filters are not in effect",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57031",
        "datePublished": "2026-07-09T21:13:46.497Z",
        "dateReserved": "2026-06-23T16:27:00.249Z",
        "dateUpdated": "2026-07-09T21:13:46.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57030 (GCVE-0-2026-57030)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:13 – Updated: 2026-07-09 21:13
    VLAI
    Title
    Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS
    Summary
    A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). As part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds: user@host> show security flow session | match timeout Session ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid This will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary': user@host> show security flow session summary | match invalid Invalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot. This issue affects Junos OS on SRX Series: * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S1, 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect releases earlier than 24.2R1;
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 24.2 , < 24.2R2-S3 (custom)
    Affected: 24.4 , < 24.4R2-S1 (custom)
    Affected: 25.2 , < 25.2R1-S2 (custom)
    Unaffected: 0 , < 24.2R1 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S1",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R1-S2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R1",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eAs part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003euser@host\u0026gt; show security flow session | match timeout\u003cbr\u003eSession ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eThis will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of \u0027show security flow session summary\u0027:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show security flow session summary | match invalid\u003cbr\u003eInvalidated sessions: 216931\u003c/tt\u003e\u003cp\u003eThese sessions can\u0027t be cleared manually with the \u0027clear security flow session\u0027 command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S1, 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2\u0026nbsp;versions\u0026nbsp;before 25.2R1-S2, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect releases earlier than 24.2R1;\u003c/p\u003e"
                }
              ],
              "value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nAs part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds:\n\n\n\nuser@host\u003e show security flow session | match timeout\nSession ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid\n\nThis will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of \u0027show security flow session summary\u0027:\n\nuser@host\u003e show security flow session summary | match invalid\nInvalidated sessions: 216931These sessions can\u0027t be cleared manually with the \u0027clear security flow session\u0027 command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot.\n\n\nThis issue affects Junos OS on SRX Series:\n\n\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S1, 24.4R2-S2,\n  *  25.2\u00a0versions\u00a0before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect releases earlier than 24.2R1;"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:13:12.671Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110090"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110090",
            "defect": [
              "1876709"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57030",
        "datePublished": "2026-07-09T21:13:12.671Z",
        "dateReserved": "2026-06-23T16:27:00.249Z",
        "dateUpdated": "2026-07-09T21:13:12.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57027 (GCVE-0-2026-57027)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:08 – Updated: 2026-07-09 21:08
    VLAI
    Title
    Junos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic leads to an FPC crash
    Summary
    A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart. The leak can be monitored by watching the continuous increase of the buffer values in the output of: user@host> show chassis fpc This issue affects Junos OS on EX4100 Series and EX4400: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "EX4100 Series",
                "EX4400 Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A system is only affected if sFlow for multicast is explicitly enabled with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ forwarding-options sflow egress-multicast enable ]\u003c/tt\u003e"
                }
              ],
              "value": "A system is only affected if sFlow for multicast is explicitly enabled with:\n\n[ forwarding-options sflow egress-multicast enable ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\u003cp\u003eWhen sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.\u003c/p\u003eThe leak can be monitored by watching the continuous increase of the buffer values in the output of:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show chassis fpc\u003c/tt\u003e \u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEX4100 Series and EX4400\u003c/span\u003e:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.\n\nThe leak can be monitored by watching the continuous increase of the buffer values in the output of:\n\nuser@host\u003e show chassis fpc \nThis issue affects Junos OS on\u00a0EX4100 Series and EX4400:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:08:07.684Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110087"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S4, 24.4R2, 25.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2-S4, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110087",
            "defect": [
              "1824592"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic leads to an FPC crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57027",
        "datePublished": "2026-07-09T21:08:07.684Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:08:07.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57026 (GCVE-0-2026-57026)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:07 – Updated: 2026-07-09 21:07
    VLAI
    Title
    Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash
    Summary
    An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX Series with SPC3 and SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S2.
    CWE
    • CWE-1286 - Improper Validation of Syntactic Correctness of Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S5 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Affected: 25.4 , < 25.4R1-S2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series",
                "MX Series with SPC3"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S5",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S2",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show security alg status | match sip\u003cbr\u003eSIP : Enabled\u003c/tt\u003e"
                }
              ],
              "value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify with:\n\nuser@host\u003e show security alg status | match sip\nSIP : Enabled"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003eIf the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on MX Series with SPC3 and SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S5,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 and SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S5,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1286",
                  "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:07:44.855Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110086"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S5, 24.4R2-S4, 25.2R2, 25.4R1-S2, 25.4R2, 26.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110086",
            "defect": [
              "1932051"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security alg sip disable ]\u003c/tt\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\n\n\n\nTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\n\n[ security alg sip disable ]"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57026",
        "datePublished": "2026-07-09T21:07:44.855Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:07:44.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57025 (GCVE-0-2026-57025)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:07 – Updated: 2026-07-09 21:07
    VLAI
    Title
    Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash
    Summary
    A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS). On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted. This issue affects EX Series, QFX Series, MX Series: Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2. Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-EVO, * 24.4 versions before 24.4R1-S3-EVO.
    CWE
    • CWE-466 - Return of Pointer Value Outside of Expected Range
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2 (custom)
    Affected: 24.4 , < 24.4R1-S2 (custom)
    Create a notification for this product.
    Juniper Networks Junos OS Evolved Affected: 0 , < 23.2R2-S7-EVO (custom)
    Affected: 23.4 , < 23.4R2-S8-EVO (custom)
    Affected: 24.2 , < 24.2R2-EVO (custom)
    Affected: 24.4 , < 24.4R1-S3-EVO (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "EX Series",
                "QFX Series",
                "MX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R1-S2",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Junos OS Evolved",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7-EVO",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8-EVO",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-EVO",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R1-S3-EVO",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eOn EX Series, QFX Series and MX Series a\u0026nbsp;low-privileged attacker issuing a specific \u0027show l2-learning\u0027 command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects EX Series, QFX Series, MX Series:\u003cbr\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\n\nOn EX Series, QFX Series and MX Series a\u00a0low-privileged attacker issuing a specific \u0027show l2-learning\u0027 command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\n\nThis issue affects EX Series, QFX Series, MX Series:\nJunos OS:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R1-S2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-EVO,\n  *  24.4 versions before 24.4R1-S3-EVO."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-466",
                  "description": "CWE-466 Return of Pointer Value Outside of Expected Range",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:07:20.486Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110085"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases;\u003cbr\u003eJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases;\nJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110085",
            "defect": [
              "1861779"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific \u0027show l2-learning\u0027 command causes l2ald crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
                }
              ],
              "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57025",
        "datePublished": "2026-07-09T21:07:20.486Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:07:20.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57024 (GCVE-0-2026-57024)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:06 – Updated: 2026-07-09 21:06
    VLAI
    Title
    Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously
    Summary
    A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted. Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs. To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with: user@host> show system processes extensive | match "KMD|IKED" This issue affects Junos OS on MX with SPC3, SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R1-S1.
    CWE
    • CWE-694 - Use of Multiple Resources with Duplicate Identifier
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S6 (custom)
    Affected: 24.2 , < 24.2R2-S3 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R1-S1 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series",
                "MX with SPC3"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S6",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S3",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R1-S1",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\n\n\u003cbr\u003eOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail\u0026nbsp;a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\u003cbr\u003ePlease note that the index value can\u0027t be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\u003cbr\u003e\u003cbr\u003eTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host\u0026gt; show system processes extensive | match \"KMD|IKED\"\u003c/tt\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on MX with SPC3, SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S1.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail\u00a0a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\nPlease note that the index value can\u0027t be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\n\nTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\nuser@host\u003e show system processes extensive | match \"KMD|IKED\"\nThis issue affects Junos OS on MX with SPC3, SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R1-S1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-694",
                  "description": "CWE-694 Use of Multiple Resources with Duplicate Identifier",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:06:57.585Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110084"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110084",
            "defect": [
              "1889298"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57024",
        "datePublished": "2026-07-09T21:06:57.585Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:06:57.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57023 (GCVE-0-2026-57023)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:06 – Updated: 2026-07-09 21:06
    VLAI
    Title
    Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash
    Summary
    An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX with SPC3, and SRX Series:  * 23.4 versions before 23.4R2-S7,  * 24.2 versions before 24.2R2-S4,  * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2. This issue does not affect releases before 23.4R1.
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.4 , < 23.4R2-S7 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S3 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series",
                "MX Series with SPC3"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.4R2-S7",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S3",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen TCP proxy is engaged in a flow session, to support ALGs,\u0026nbsp;Advanced Anti-Malware, ICAP\u0026nbsp;or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\u003cbr\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on MX with SPC3, and SRX Series:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S3,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect releases before 23.4R1.\u003c/p\u003e"
                }
              ],
              "value": "An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\n\nWhen TCP proxy is engaged in a flow session, to support ALGs,\u00a0Advanced Anti-Malware, ICAP\u00a0or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX with SPC3, and SRX Series:\u00a0\n\n\n\n  *  23.4 versions before 23.4R2-S7,\u00a0\n  *  24.2 versions before 24.2R2-S4,\u00a0\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2.\n\n\n\n\nThis issue does not affect releases before 23.4R1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:06:34.219Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110083"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110083",
            "defect": [
              "1918795"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57023",
        "datePublished": "2026-07-09T21:06:34.219Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:06:34.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57022 (GCVE-0-2026-57022)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:06 – Updated: 2026-07-09 21:06
    VLAI
    Title
    Junos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection establishment by the affected device can crash the PFE
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered. This issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering. This issue affects Junos OS on MX Series with SPC3, SRX5k Series with SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series: * all versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S4 (custom)
    Affected: 23.4 , < 23.4R2-S5 (custom)
    Affected: 24.2 , < 24.2R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MX Series with SPC3",
                "SRX5k Series with\u00a0SPC3",
                "SRX1600 Series",
                "SRX2300 Series",
                "SRX4000 Series",
                "vSRX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S5",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered.\u003cbr\u003eThis issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on MX Series with SPC3, SRX5k Series with\u0026nbsp;SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series:\u003cbr\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S4,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S5,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered.\nThis issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering.\n\nThis issue affects Junos OS on MX Series with SPC3, SRX5k Series with\u00a0SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series:\n\n  *  all versions before 23.2R2-S4,\n  *  23.4 versions before 23.4R2-S5,\n  *  24.2 versions before 24.2R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:06:06.154Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110082"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S4, 23.4R2-S5, 24.2R2, 24.4R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S4, 23.4R2-S5, 24.2R2, 24.4R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110082",
            "defect": [
              "1833415"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection establishment by the affected device can crash the PFE",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57022",
        "datePublished": "2026-07-09T21:06:06.154Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:06:06.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57021 (GCVE-0-2026-57021)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:05 – Updated: 2026-07-09 21:05
    VLAI
    Title
    Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash
    Summary
    An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts. This issue affects Junos OS on SRX Series: * 23.2 versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S1, 25.4R2.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 23.2 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Affected: 25.2 , < 25.2R2 (custom)
    Affected: 25.4 , < 25.4R1-S1, 25.4R2 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "SRX Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "23.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2R2",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4R1-S1, 25.4R2",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To be exposed to this issue, the device needs to be configured to perform client compliance checks with:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security remote-access compliance pre-logon ... ]\u003c/tt\u003e\u003cbr\u003e"
                }
              ],
              "value": "To be exposed to this issue, the device needs to be configured to perform client compliance checks with:\n\n[ security remote-access compliance pre-logon ... ]"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects\u0026nbsp;Junos OS on SRX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.2 versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S1, 25.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.\n\nThis issue affects\u00a0Junos OS on SRX Series:\n\n\n  *  23.2 versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S1, 25.4R2."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:05:45.214Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110081"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1-S1, 25.4R2, 26.2R1, and all subsequent releases."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1-S1, 25.4R2, 26.2R1, and all subsequent releases."
            }
          ],
          "source": {
            "advisory": "JSA110081",
            "defect": [
              "1922812"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57021",
        "datePublished": "2026-07-09T21:05:45.214Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:05:45.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57020 (GCVE-0-2026-57020)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:05 – Updated: 2026-07-09 21:05
    VLAI
    Title
    Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood
    Summary
    An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic. This issue affects Junos OS on QFX10000 Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4. This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Juniper Networks Junos OS Affected: 0 , < 23.2R2-S7 (custom)
    Affected: 23.4 , < 23.4R2-S8 (custom)
    Affected: 24.2 , < 24.2R2-S4 (custom)
    Affected: 24.4 , < 24.4R2-S4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "QFX10000 Series"
              ],
              "product": "Junos OS",
              "vendor": "Juniper Networks",
              "versions": [
                {
                  "lessThan": "23.2R2-S7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "23.4R2-S8",
                  "status": "affected",
                  "version": "23.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.2R2-S4",
                  "status": "affected",
                  "version": "24.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "24.4R2-S4",
                  "status": "affected",
                  "version": "24.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\n\nOn all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI)\u0026nbsp;leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eThis issue affects Junos OS on QFX10000 Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nOn all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI)\u00a0leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.\n\n\n\nThis issue affects Junos OS on QFX10000 Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4.\n\n\n\nThis issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
                }
              ],
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:05:07.368Z",
            "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
            "shortName": "juniper"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.juniper.net/JSA110080"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4."
                }
              ],
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S8, 24.2R2-S4, 24.4R2-S4."
            }
          ],
          "source": {
            "advisory": "JSA110080",
            "defect": [
              "1916949"
            ],
            "discovery": "USER"
          },
          "title": "Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There are no known workarounds for this issue."
                }
              ],
              "value": "There are no known workarounds for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "assignerShortName": "juniper",
        "cveId": "CVE-2026-57020",
        "datePublished": "2026-07-09T21:05:07.368Z",
        "dateReserved": "2026-06-23T16:27:00.248Z",
        "dateUpdated": "2026-07-09T21:05:07.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }