CVE-2026-21910

EUVD-2026-2694

15.01.2026, 21:16

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).

On all EX4k and QFX5k platforms, a link flap in an

EVPN-VXLAN configuration Link Aggregation Group (LAG)
results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.

This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.

Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command.

This issue affects Junos OS 

on EX4k and QFX5k Series: 



  *  all versions before 21.4R3-S12, 
  *  all versions of 22.2
  *  from 22.4 before 22.4R3-S8, 
  *  from 23.2 before 23.2R2-S5, 
  *  from 23.4 before 23.4R2-S5, 
  *  from 24.2 before 24.2R2-S3,
  *  from 24.4 before 24.4R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
juniper	junos	𝑥 < 21.4
juniper	junos	21.4
juniper	junos	21.4:r1
juniper	junos	21.4:r1-s1
juniper	junos	21.4:r1-s2
juniper	junos	21.4:r2
juniper	junos	21.4:r2-s1
juniper	junos	21.4:r2-s2
juniper	junos	21.4:r3
juniper	junos	21.4:r3-s1
juniper	junos	21.4:r3-s10
juniper	junos	21.4:r3-s11
juniper	junos	21.4:r3-s2
juniper	junos	21.4:r3-s3
juniper	junos	21.4:r3-s4
juniper	junos	21.4:r3-s5
juniper	junos	21.4:r3-s6
juniper	junos	21.4:r3-s7
juniper	junos	21.4:r3-s8
juniper	junos	21.4:r3-s9
juniper	junos	22.2
juniper	junos	22.4
juniper	junos	22.4:r1
juniper	junos	22.4:r1-s1
juniper	junos	22.4:r1-s2
juniper	junos	22.4:r2
juniper	junos	22.4:r2-s1
juniper	junos	22.4:r2-s2
juniper	junos	22.4:r3
juniper	junos	22.4:r3-s1
juniper	junos	22.4:r3-s2
juniper	junos	22.4:r3-s3
juniper	junos	22.4:r3-s4
juniper	junos	22.4:r3-s5
juniper	junos	22.4:r3-s6
juniper	junos	22.4:r3-s7
juniper	junos	23.2
juniper	junos	23.2:r1
juniper	junos	23.2:r1-s1
juniper	junos	23.2:r1-s2
juniper	junos	23.2:r2
juniper	junos	23.2:r2-s1
juniper	junos	23.2:r2-s2
juniper	junos	23.2:r2-s3
juniper	junos	23.2:r2-s4
juniper	junos	23.4
juniper	junos	23.4:r1
juniper	junos	23.4:r1-s1
juniper	junos	23.4:r1-s2
juniper	junos	23.4:r2
juniper	junos	23.4:r2-s1
juniper	junos	23.4:r2-s2
juniper	junos	23.4:r2-s3
juniper	junos	23.4:r2-s4
juniper	junos	24.2
juniper	junos	24.2:r1
juniper	junos	24.2:r1-s1
juniper	junos	24.2:r1-s2
juniper	junos	24.2:r2
juniper	junos	24.2:r2-s1
juniper	junos	24.2:r2-s2
juniper	junos	24.4
juniper	junos	24.4:r1
juniper	junos	24.4:r1-s2
juniper	junos	24.4:r1-s3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-754 - Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

References

https://kb.juniper.net/JSA106009

https://supportportal.juniper.net/JSA106009