Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

junos

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

22

CISA CVEs -

0

NVD CVEs -

786
Related CVEsRelated VendorsRelated AssignersReports
786Vulnerabilities found

CVE-2026-57054
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.37% / 28.93%
||
7 Day CHG+0.02%
Published-09 Jul, 2026 | 21:14
Updated-13 Jul, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Web filtering doesn't block specifically formatted URLs

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2-S1, * 25.4 versions before 25.4R1-S2, 25.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx10008mx2010mx304mx480mx960mx204mx301junosmx240mx2008mx10004mx2020Junos OS
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE-2026-57032
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.42% / 34.16%
||
7 Day CHG+0.01%
Published-09 Jul, 2026 | 21:14
Updated-13 Jul, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.  The following log message can be seen when this issue happens: agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor> This issue affects Junos OS on EX2300, EX3400, EX4000, EX4100 and EX4400 devices: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex3400ex4100-fex2300ex4400junosex4100-hex2300-cex4100-h-12tex4100ex4000Junos OS
CWE ID-CWE-236
Improper Handling of Undefined Parameters
CVE-2026-57030
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.2||HIGH
EPSS-0.38% / 30.38%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:13
Updated-13 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). As part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds: user@host> show security flow session | match timeout Session ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid This will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary': user@host> show security flow session summary | match invalid Invalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot. This issue affects Junos OS on SRX Series: * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S1, 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect releases earlier than 24.2R1;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx4100srx400srx4600srx1600junossrx4120srx380srx320srx345srx300srx440srx4700srx2300srx1500srx4300srx5400srx340srx4200srx5800srx5600Junos OS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-57027
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.66%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:08
Updated-13 Jul, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic leads to an FPC crash

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart. The leak can be monitored by watching the continuous increase of the buffer values in the output of: user@host> show chassis fpc This issue affects Junos OS on EX4100 Series and EX4400: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4100-fex4400ex4100-hjunosex4100-h-12tex4100Junos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-57026
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.46% / 37.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:07
Updated-14 Jul, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX Series with SPC3 and SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx4100srx400srx4600srx1600mx-spc3junosmx240srx4120srx380srx320srx345srx300srx440srx4700srx2300srx1500srx4300mx480mx960srx5400srx340srx4200srx5800srx5600Junos OS
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2026-57025
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 3.81%
||
7 Day CHG-0.00%
Published-09 Jul, 2026 | 21:07
Updated-16 Jul, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning/ethernet-switching' command causes l2ald crash

A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS). On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' or 'show ethernet-switching' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted. This issue affects EX Series, QFX Series, MX Series: Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2. Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-EVO, * 24.4 versions before 24.4R1-S3-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4650mx10008qfx5220qfx5130qfx5200qfx5241mx204junos_os_evolvedmx301qfx5110junosex4100-hmx240qfx5250ex4100mx2008ex4600ex4100-fex2300ex4400qfx5210qfx5240mx480qfx10016qfx5230-64cdex4100-h-12tex4300mx304ex9208ex9204qfx5140ex4000mx2020ex3400ex9214qfx5700mx2010qfx10008qfx5120mx960ex2300-cmx10004Junos OS EvolvedJunos OS
CWE ID-CWE-466
Return of Pointer Value Outside of Expected Range
CVE-2026-57024
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 33.82%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:06
Updated-14 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted. Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs. To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with: user@host> show system processes extensive | match "KMD|IKED" This issue affects Junos OS on MX with SPC3, SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R1-S1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx4100srx400srx4600srx1600mx-spc3junosmx240srx4120srx380srx320srx345srx300srx440srx4700srx2300srx1500srx4300mx480mx960srx5400srx340srx4200srx5800srx5600Junos OS
CWE ID-CWE-694
Use of Multiple Resources with Duplicate Identifier
CVE-2026-57023
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.46% / 37.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:06
Updated-14 Jul, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX with SPC3, and SRX Series:  * 23.4 versions before 23.4R2-S7,  * 24.2 versions before 24.2R2-S4,  * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2. This issue does not affect releases before 23.4R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx4100srx400srx4600srx1600mx-spc3junosmx240srx4120srx380srx320srx345srx300srx440srx4700srx2300srx1500srx4300mx480mx960srx5400srx340srx4200srx5800srx5600Junos OS
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-57021
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.47% / 37.93%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:05
Updated-13 Jul, 2026 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk process crash

An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts. This issue affects Junos OS on SRX Series: * 23.2 versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S1, 25.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx4100srx400srx4600srx1600junossrx4120srx380srx320srx345srx300srx440srx4700srx2300srx1500srx4300srx5400srx340srx4200srx5800srx5600Junos OS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-57020
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.70%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:05
Updated-13 Jul, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic. This issue affects Junos OS on QFX10000 Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4. This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosqfx10016qfx10008Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-57019
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.70%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:04
Updated-13 Jul, 2026 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Specific traffic causes an FPC to reset

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered. Affected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE). When this issue happens the following logs can be observed: fpc<#> CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default fpc<#> Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default This issue affects Junos OS on MX Series: * all versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx10008mx2010mx304mx480mx960mx204mx301junosmx240mx2008mx10004mx2020Junos OS
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-33802
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 2.45%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:03
Updated-14 Jul, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX Series: Unauthorized users can execute service-impacting CLI command

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service (DoS). On EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400 switches, an authenticated, local attacker with no specific permissions or class can execute a specific, privileged CLI 'request' command which will cause complete traffic impact until the system automatically recovers. This issue affects Junos OS on EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400: * 23.2R2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4400ex2300ex4300-mpjunosex4100ex4000Junos OS
CWE ID-CWE-862
Missing Authorization
CVE-2026-33801
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.28% / 20.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 21:03
Updated-13 Jul, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: When a specifically malformed BGP route update is received RPD crashes

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS). Upon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation. This issue affects: * Junos OS versions 25.2 before 25.2R2; * Junos OS Evolved versions 25.2 before 25.2R2-EVO. This issue doesn't affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OS EvolvedJunos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-33799
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.02%
||
7 Day CHG+0.01%
Published-09 Jul, 2026 | 21:02
Updated-13 Jul, 2026 | 12:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash

An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP. Memory usage can be monitored using the following command: user@device> show system processes extensive | match snmpd This issue affects: Junos OS: * all versions before 21.2R3-S8; * from 21.4 before 21.4R3-S7; * from 22.1 before 22.1R3-S6; * from 22.2 before 22.2R3-S4; * from 22.3 before 22.3R3-S3; * from 22.4 before 22.4R3-S2; * from 23.2 before 23.2R2; * from 23.4 before 23.4R2. Junos OS Evolved: * all versions before 21.2R3-S8-EVO; * from 21.4 before 21.4R3-S7-EVO; * all versions of 22.1-EVO, * from 22.2 before 22.2R3-S4-EVO; * from 22.3 before 22.3R3-S3-EVO; * all versions of 22.4-EVO, * from 23.2 before 23.2R2-EVO; * from 23.4 before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OS EvolvedJunos OS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-33791
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.4||HIGH
EPSS-0.69% / 48.75%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:38
Updated-22 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS:  * all versions before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S7,  * from 24.2 before 24.2R2-S2,  * from 24.4 before 24.4R2,  * from 25.2 before 25.2R2;  Junos OS Evolved:  * all versions before 22.4R3-S8-EVO,  * from 23.2 before 23.2R2-S5-EVO,  * from 23.4 before 23.4R2-S7-EVO,  * from 24.2 before 24.2R2-S2-EVO,  * from 24.4 before 24.4R2-EVO,  * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-33790
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.33% / 25.26%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:38
Updated-17 Apr, 2026 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart.

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition. During NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart. This issue cannot be triggered using IPv4 nor other IPv6 traffic. This issue affects Junos OS on SRX Series: * all versions before 21.2R3-S10, * all versions of 21.3, * from 21.4 before 21.4R3-S12, * all versions of 22.1, * from 22.2 before 22.2R3-S8, * all versions of 22.4, * from 22.4 before 22.4R3-S9, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S7, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S3, * from 25.2 before 25.2R1-S2, 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5400srx5800srx1600srx345junossrx2300srx4700srx4600srx300srx380srx340srx1500srx4100srx4300srx4200srx320srx4120srx5600Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-33787
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 0.72%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:37
Updated-17 Apr, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specific show command is executed chassisd crashes

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again. This issue affects Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600:  * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7 * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S1, 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx4600srx1500srx4100srx4200junosJunos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-33785
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 3.56%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:37
Updated-17 Apr, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX. This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3,  * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx204mx2008mx10004mx10008mx2020mx960mx301mx240mx304mx2010mx480junosJunos OS
CWE ID-CWE-862
Missing Authorization
CVE-2026-33781
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.06%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:35
Updated-17 Apr, 2026 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS). On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS: * 24.4 releases before 24.4R2, * 25.2 releases before 25.2R1-S1, 25.2R2. This issue does not affect Junos OS releases before 24.4R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4000ex4300qfx5200qfx5230-64cdjunosqfx5700ex4600qfx5120qfx5240qfx5110qfx5210ex4100-fex4100qfx5241ex4650qfx5220ex4400qfx5130ex4100-hJunos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-33778
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.34% / 25.99%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:35
Updated-17 Apr, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is received kmd/iked crashes

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections. This issue affects Junos OS on SRX Series and MX Series: * all versions before 22.4R3-S9, * 23.2 version before 23.2R2-S6, * 23.4 version before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R1-S2, 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx10004srx5400mx301mx240srx5800mx304srx1600mx480junosmx960srx345mx204srx2300srx4700srx4600mx2008srx300mx10008mx2020srx380srx340mx2010srx4100srx1500srx4300srx4200srx320srx4120srx5600Junos OS
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2026-33776
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 0.65%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:34
Updated-16 Apr, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S1, * 25.2 version before 25.2R1-S2, 25.2R2; Junos OS Evolved: * all versions before 23.2R2-S6-EVO, * 23.4 version before 23.4R2-S6-EVO, * 24.2 version before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S1-EVO, * 25.2 versions before 25.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OS EvolvedJunos OS
CWE ID-CWE-862
Missing Authorization
CVE-2026-33774
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.17% / 7.02%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:34
Updated-08 Jul, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Firewall filters on lo0.<non-0> in the default routing instance are not in effect

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. On MX platforms with MPC10, MPC11, LC4800 or LC9600 line cards, and MX304, firewall filters applied on a loopback interface lo0.n (where n is a non-0 number) don't get executed when lo0.n is in the global VRF / default routing-instance. An affected configuration would be: user@host# show configuration interfaces lo0 | display set set interfaces lo0 unit 1 family inet filter input <filter-name> where a firewall filter is applied to a non-0 loopback interface, but that loopback interface is not referred to in any routing-instance (RI) configuration, which implies that it's used in the default RI. The issue can be observed with the CLI command: user@device> show firewall counter filter <filter_name> not showing any matches. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mpc11mx304junoslc4800mpc10Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-33797
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.16%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:31
Updated-23 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-20
Improper Input Validation
CVE-2026-33779
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.3||HIGH
EPSS-0.12% / 2.29%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:30
Updated-17 Apr, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud communication

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect to Security Director (SD) cloud, it doesn't perform sufficient verification of the received server certificate. This allows a PITM to intercept the communication between the SRX and SD cloud and access credentials and other sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S9, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5400srx5800srx1600srx345junossrx2300srx4700srx4600srx300srx380srx340srx1500srx4100srx4300srx4200srx320srx4120srx5600Junos OS
CWE ID-CWE-296
Improper Following of a Certificate's Chain of Trust
CVE-2026-33775
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.36%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:30
Updated-17 Apr, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory available to bbe-smgd has been consumed, no new subscribers will be able to login. The memory utilization of bbe-smgd can be monitored with the following show command: user@host> show system processes extensive | match bbe-smgd The below log message can be observed when this limit has been reached: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion This issue affects Junos OS on MX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx204mx2008mx10004mx10008mx2020mx960mx301mx240mx304mx2010mx480junosJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-33782
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.29% / 20.74%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:29
Updated-17 Apr, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx204mx2008mx10004mx10008mx2020mx960mx301mx240mx304mx2010mx480junosJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-33780
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.93%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:29
Updated-17 Apr, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald. Use the following command to monitor the memory consumption by l2ald: user@device> show system process extensive | match "PID|l2ald" This issue affects: Junos OS: * all versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S5-EVO, * 23.2 versions before 23.2R2-S3-EVO, * 23.4 versions before 23.4R2-S4-EVO, * 24.2 versions before 24.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OS EvolvedJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-33773
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 10.05%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:28
Updated-17 Apr, 2026 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied

An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3. No other Junos OS versions are affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4000ex9214ex4300qfx10008qfx5200ex3400ex9204junosqfx5230-64cdqfx5700ex4600ex9208qfx5120qfx5240qfx5110ex2300-cqfx5210ex2300ex4100-fex4100qfx5241ex4650qfx5220ex4400qfx10016qfx5130ex4100-hJunos OS
CWE ID-CWE-1419
Incorrect Initialization of Resource
CVE-2026-33786
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 0.83%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:28
Updated-17 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX1600, SRX2300, SRX4300: When a specific show command is executed chassisd crashes

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again. This issue affects Junos OS on SRX1600, SRX2300 and SRX4300: * 24.4 versions before 24.4R1-S3, 24.4R2. This issue does not affect Junos OS versions before 24.4R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx2300junossrx1600srx4300Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-21916
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7||HIGH
EPSS-0.13% / 2.92%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:28
Updated-17 Apr, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: A low privileged user can escalate their privileges so that they can login as root

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-33788
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.5||HIGH
EPSS-0.11% / 1.80%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:27
Updated-08 Jul, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local user with low privileges can gain direct access to the installed FPCs as a high privileged user, which can potentially lead to a full compromise of the affected component. This issue affects Junos OS Evolved on PTX10004, PTX10008, PTX100016, with JNP10K-LC1201 or JNP10K-LC1202: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-jnp10k-lc1202ptx100016ptx10008junosjnp10k-lc1201ptx10004Junos OS Evolved
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-21919
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:26
Updated-17 Apr, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability

An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover. This issue can be monitored by checking for mgd processes in lockf state in the output of 'show system processes extensive': user@host> show system processes extensive | match mgd <pid> root       20   0 501M 4640K lockf   1 0:01 0.00% mgd If the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won't invoke mgd), mgd processes in this state can be killed with 'request system process terminate <PID>' from the CLI or with 'kill -9 <PID>' from the shell.  This issue affects: Junos OS: * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; This issue does not affect Junos OS versions before 23.4R1; Junos OS Evolved: * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved versions before 23.4R1-EVO;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OS EvolvedJunos OS
CWE ID-CWE-821
Incorrect Synchronization
CVE-2026-33793
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.49%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:24
Updated-16 Apr, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.  This issue affects Junos OS:  * All versions before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R1-S2, 24.2R2,  * from 24.4 before 24.4R1-S2, 24.4R2;  Junos OS Evolved:  * All versions before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S4-EVO,  * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-EVO,  * from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OS EvolvedJunos OS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2026-21921
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.34% / 25.70%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:28
Updated-23 Jan, 2026 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: When telemetry collectors are frequently subscribing and unsubscribing to sensors chassisd or rpd will crash

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered. This issue affects:  Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-416
Use After Free
CVE-2026-21920
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.44% / 35.50%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:28
Updated-23 Jan, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will crash

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200srx5600srx4700srx4100srx1500srx300srx340srx5400junossrx320srx4600srx5800srx4120srx4300srx2300srx380srx1600Junos OS
CWE ID-CWE-252
Unchecked Return Value
CVE-2026-21918
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.38% / 29.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:27
Updated-23 Jan, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX and MX Series: When TCP packets occur in a specific sequence flowd crashes

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200mx2008srx5600mx2010srx4700srx4100srx1500srx5400srx300srx340mx10008mx960junosmx480srx320srx4600srx5800srx4120srx380mx304mx204mx10004srx4300mx240srx2300mx2020srx1600Junos OS
CWE ID-CWE-415
Double Free
CVE-2026-21917
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.38% / 29.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:27
Updated-23 Jan, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,  * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200srx5600srx4700srx4100srx1500srx300srx340srx5400junossrx320srx4600srx5800srx4120srx4300srx2300srx380srx1600Junos OS
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2026-21914
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:25
Updated-23 Jan, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered. This issue affects Junos OS on SRX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S1, 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200srx5600srx4700srx4100srx1500srx300srx340srx5400junossrx320srx4600srx5800srx4120srx4300srx2300srx380srx1600Junos OS
CWE ID-CWE-667
Improper Locking
CVE-2026-21913
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.38% / 29.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:25
Updated-23 Jan, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:   reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP: * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4000-48pex4000-48tex4000-48mpjunosJunos OS
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-1419
Incorrect Initialization of Resource
CVE-2026-21912
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 1.18%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:24
Updated-25 Feb, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 line card reset

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset. On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series:  * all versions before 21.2R3-S10,  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S2,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-lc480junosmx10008lc2101mx10004Junos OS
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-21910
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:23
Updated-25 Feb, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter-VNI traffic drop

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS). On all EX4k and QFX5k platforms, a link flap in an EVPN-VXLAN configuration Link Aggregation Group (LAG) results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination. This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650. Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command. This issue affects Junos OS on EX4k and QFX5k Series:  * all versions before 21.4R3-S12,  * all versions of 22.2 * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4300qfx5230-64cdqfx5110qfx5200qfx5240ex4000ex4100-fqfx5210ex4100-hqfx5220ex4100qfx5130ex4400ex4650ex4600qfx5241qfx5120junosqfx5700Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-21909
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.24% / 14.44%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:22
Updated-23 Jan, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition. Memory usage can be monitored through the use of the 'show task memory detail' command. For example: user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           25   1072     28   1184     229 user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           31   1360     34   1472     307 This issue affects: Junos OS:  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R1-S2, 23.4R2,  * from 24.1 before 24.1R2;  Junos OS Evolved:  * from 23.2 before 23.2R2-EVO,  * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,  * from 24.1 before 24.1R2-EVO. This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-21908
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.29% / 21.25%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:21
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process

A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root. The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path. This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled. This issue affects: Junos OS:  * from 23.2R2-S1 before 23.2R2-S5,  * from 23.4R2 before 23.4R2-S6,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2-S1,  * from 25.2 before 25.2R1-S2, 25.2R2;  Junos OS Evolved:  * from 23.2R2-S1 before 23.2R2-S5-EVO,  * from 23.4R2 before 23.4R2-S6-EVO,  * from 24.2 before 24.2R2-S3-EVO,  * from 24.4 before 24.4R2-S1-EVO,  * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-416
Use After Free
CVE-2026-21906
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.50% / 39.33%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:20
Updated-23 Jan, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing. Note that PMI with GRE performance acceleration is only supported on specific SRX platforms. This issue affects Junos OS on the SRX Series: * all versions before 21.4R3-S12,  * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2-S1,  * from 25.2 before 25.2R1-S1, 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200srx5600srx4700srx4100srx1500srx300srx340srx5400junossrx320srx4600srx5800srx4120srx4300srx2300srx380srx1600Junos OS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2026-21905
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.37% / 28.96%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:19
Updated-23 Jan, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series, MX Series with MX-SPC3 or MS-MPC: Receipt of multiple specific SIP messages results in flow management process crash

A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS). On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC. This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue. This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC: * all versions before 21.2R3-S10,  * from 21.4 before 21.4R3-S12,  * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S6,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2-S1,  * from 25.2 before 25.2R1-S1, 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200mx2008srx5600mx2010srx4700srx4100srx1500srx5400srx300srx340mx10008mx960junosmx480srx320srx4600srx5800srx4120srx380mx304mx204mx10004srx4300mx240srx2300mx2020srx1600Junos OS
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-21903
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.36% / 28.24%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:18
Updated-23 Jan, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart. The issue was not seen when YANG packages for the specific sensors were installed. This issue affects Junos OS:  * all versions before 22.4R3-S7, * 23.2 version before 23.2R2-S4, * 23.4 versions before 23.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-0203
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:17
Updated-10 Mar, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS). When an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks. This issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue. This issue does not affect AFT-based line cards such as the MPC10, MPC11, LC4800, LC9600, and MX304. This issue affects Junos OS:  * all versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S7,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2025-60011
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 33.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:16
Updated-23 Jan, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Optional transitive BGP attribute is modified before propagation to peers causing sessions to flap

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5 * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved:  * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-60007
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 2.98%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:16
Updated-16 Mar, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: A specifically crafted 'show chassis' command causes chassisd to crash

A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from. This issue affects: Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4000srx5400mx240mx304ex9204junosmx204ex9208srx2300srx4700srx4600ex2300-cmx2020ex4100-fex4100ex4650mx2010srx4100ex4400srx4200srx4120ex9214ex4300mx10004srx5800ex3400srx1600mx480mx960srx345ex4600mx2008srx300mx10008srx380ex2300srx340srx1500srx4300srx320ex4100-hsrx5600Junos OS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-60003
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.37% / 28.96%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:15
Updated-23 Jan, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd crash

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer. This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring: [ protocols bgp ... disable-4byte-as ] Established BGP sessions can be checked by executing: show bgp neighbor <IP address> | match "4 byte AS" This issue affects: Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved:  * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-126
Buffer Over-read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next