CVE-2026-21917

EUVD-2026-2689

15.01.2026, 21:16

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.
This issue affects Junos OS on SRX Series:



  *  23.2 versions from 23.2R2-S2 before 23.2R2-S5, 
  *  23.4 versions from 23.4R2-S1 before 23.4R2-S5,
  *  24.2 versions before 24.2R2-S2,
  *  24.4 versions before 24.4R1-S3, 24.4R2.


Earlier versions of Junos are also affected, but no fix is available.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Affected Products (NVD)

Vendor	Product	Version
juniper	junos	23.2:r2-s2
juniper	junos	23.2:r2-s3
juniper	junos	23.2:r2-s4
juniper	junos	23.4:r2-s1
juniper	junos	23.4:r2-s2
juniper	junos	23.4:r2-s3
juniper	junos	23.4:r2-s4
juniper	junos	24.2
juniper	junos	24.2:r1
juniper	junos	24.2:r1-s1
juniper	junos	24.2:r1-s2
juniper	junos	24.2:r2
juniper	junos	24.2:r2-s1
juniper	junos	24.4
juniper	junos	24.4:r1
juniper	junos	24.4:r1-s2
juniper	junos	24.4:r2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1286 - Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

References

https://kb.juniper.net/JSA105996

https://supportportal.juniper.net/JSA105996