Juniper Networks Junos OS vulnerabilities
659 known vulnerabilities affecting juniper_networks/junos_os.
Total CVEs: 659
CISA KEV: 7 (actively exploited)
Public exploits: 4
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 352, MEDIUM 273
Vulnerabilities
Page 2 of 33
CVE-2026-21908 | HIGH | CVSS 7.5 | CWE-416 | ≥ 23.2R2-S1, < 23.2R2-S5; ≥ 23.4R2, < 23.4R2-S6; +3 more | 2026-01-15
A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the proc
Sources: cvelistv5, nvd

CVE-2026-21920 | HIGH | CVSS 8.7 | CWE-252 | ≥ 23.4, < 23.4R2-S5; ≥ 24.2, < 24.2R2-S1; +1 more | 2026-01-15
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device configured for DNS processing receives a specifically formatted DNS request, flowd will crash and restart, which causes a service interrupti
Sources: cvelistv5, nvd

CVE-2026-21917 | HIGH | CVSS 8.7 | CWE-1286 | ≥ 23.2R2-S2, < 23.2R2-S5; ≥ 23.4R2-S1, < 23.4R2-S5; +2 more | 2026-01-15
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC cras
Sources: cvelistv5, nvd

CVE-2026-21913 | HIGH | CVSS 8.7 | CWE-665 | ≥ 24.4, < 24.4R2; ≥ 25.2, < 25.2R1-S2, 25.2R2 | 2026-01-15
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause a
Sources: cvelistv5, nvd

CVE-2026-21918 | HIGH | CVSS 8.7 | CWE-415 | fixed in 22.4R3-S7; ≥ 23.2, < 23.2R2-S3; +2 more | 2026-01-15
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This cau
Sources: cvelistv5, nvd

CVE-2026-21914 | HIGH | CVSS 8.7 | CWE-667 | fixed in 22.4R3-S8; ≥ 23.2, < 23.2R2-S5; +4 more | 2026-01-15
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results
Sources: cvelistv5, nvd

CVE-2026-21910 | HIGH | CVSS 7.1 | CWE-754 | fixed in 21.4R3-S12; ≥ 22.2, < 22.2*; +5 more | 2026-01-15
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (D
Sources: cvelistv5, nvd

CVE-2026-21921 | HIGH | CVSS 7.1 | CWE-416 | fixed in 22.4R3-S8; ≥ 23.2, < 23.2R2-S5; +1 more | 2026-01-15
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS).
When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-cap
Sources: cvelistv5, nvd

CVE-2026-21909 | HIGH | CVSS 7.1 | CWE-401 | ≥ 23.2, < 23.2R2; ≥ 23.4, < 23.4R1-S2, 23.4R2; +1 more | 2026-01-15
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all avail
Sources: cvelistv5, nvd

CVE-2026-21905 | HIGH | CVSS 8.7 | CWE-835 | fixed in 21.2R3-S10; ≥ 21.4, < 21.4R3-S12; +6 more | 2026-01-15
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (Do
Sources: cvelistv5, nvd

CVE-2026-21906 | HIGH | CVSS 8.7 | CWE-755 | fixed in 21.4R3-S12; ≥ 22.4, < 22.4R3-S8; +5 more | 2026-01-15
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.
When PowerMode IPsec (PMI) and GRE performance acceleration are enable
Sources: cvelistv5, nvd

CVE-2026-0203 | HIGH | CVSS 7.1 | CWE-755 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S10; +6 more | 2026-01-15
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).
When an ICMP packet is received with a specifically malformed IP h
Sources: cvelistv5, nvd

CVE-2026-21903 | HIGH | CVSS 7.1 | CWE-121 | fixed in 22.4R3-S7; ≥ 23.2, < 23.2R2-S4; +1 more | 2026-01-15
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS).
Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.
The issue was not se
Sources: cvelistv5, nvd

CVE-2026-21912 | MEDIUM | CVSS 6.8 | CWE-367 | fixed in 21.2R3-S10; ≥ 21.4, < 21.4R3-S9; +5 more | 2026-01-15
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset.
On MX10k Series systems with LC480 or LC2101
Sources: cvelistv5, nvd

CVE-2025-59959 | MEDIUM | CVSS 6.8 | CWE-822 | fixed in 22.4R3-S8; ≥ 23.2, < 23.2R2-S5; +3 more | 2026-01-15
An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).
When the command 'show route detail' is executed, and at least one of the routes in the intended output has specific attr
Sources: cvelistv5, nvd

CVE-2025-60011 | MEDIUM | CVSS 6.9 | CWE-754 | fixed in 22.4R3-S8; ≥ 23.2, < 23.2R2-S5; +3 more | 2026-01-15
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices.
When an affected device receives a specific optional, transitive BGP attribute over an
Sources: cvelistv5, nvd

CVE-2025-59961 | MEDIUM | CVSS 6.8 | CWE-732 | fixed in 21.2R3-S10; ≥ 21.4, < 21.4R3-S12; +7 more | 2026-01-15
An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.
This vulnerability allows any low-privileged
Sources: cvelistv5, nvd

CVE-2025-59960 | MEDIUM | CVSS 6.3 | CWE-754 | fixed in 21.2R3-S10; ≥ 21.4, < 21.4R3-S12; +7 more | 2026-01-15
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.
By default, the DHCP relay agent inserts i
Sources: cvelistv5, nvd

CVE-2025-60007 | MEDIUM | CVSS 6.8 | CWE-476 | fixed in 22.4R3-S8; ≥ 23.2, < 23.2R2-S5; +3 more | 2026-01-15
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).
When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components
Sources: cvelistv5, nvd

CVE-2025-52960 | HIGH | CVSS 8.2 | CWE-120 | fixed in 22.4R3-S7; ≥ 23.2, < 23.2R2-S4; +2 more | 2025-10-09
A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While
Sources: cvelistv5, nvd